|Release Date:||2014-11-25 (Last update can be found below the document title)|
|Description:||CSRF and XSS vulnerability within Canvas|
|Criticality Level:||Moderately Critical (Less Critical < Critical < Moderately Critical < Highly Critical)|
|Impact:||Insertion and execution of arbitrary HTML code|
|Systems Affected:||Canvas LMS|
|Discovered By:||Reported by customer via a third-party security assessment|
During a routine security audit of the Canvas code base and platform, performed by a third party at the request of a customer, a cross-site request forgery (CSRF) vulnerability was identified. After it was identified, the vulnerability was verified, confirmed and patched by the Instructure engineering team.
All systems were patched as of 17:53 MT on 11/19/2014.