cancel
Showing results for 
Search instead for 
Did you mean: 

2014-05-01 Instructure Advisory IAC93442 - User Login Creation

jordan
Community Champion
0 0 171

    SECURITY UPDATE

Canvas + Logo transparent (WHITE)- 300px.png

  Release Date:2014-05-01  (Last update can be found below the document title)
  Description:Cross Account Login Creation
  Criticality Level:Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )
  Impact:Exposure of Sensitive Data
  Systems Affected:Canvas LMS
  Solution Status:Patched
  Discovered By:Internal Audit
  Relevant Changesets:

fix permission checks around pseudonym creation · instructure/canvas-lms@19d4d95 · GitHub 


Summary:

A bug in permissions checking could allow a malicious user to create logins in accounts that they wouldn't normally be allowed to. This could allow access to basic account information, depending on authentication settings.

Status:

Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.


Labels