2014-07-11 Instructure Advisory IAC00318 - Inadvertent preview of locked files

jordan
Instructure Alumni
Instructure Alumni
0
725

    SECURITY UPDATE

Canvas + Logo transparent (WHITE)- 300px.png

  Release Date:2014-07-11  (Last update can be found below the document title)
  Description:Inadvertent preview of locked files
  Criticality Level:Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )
  Impact:
  • Possible information leakage and/or unauthorized access
  Systems Affected:Canvas LMS
  Solution Status:Patched
  Discovered By:Customer discovered and reported
  Relevant Changesets:

https://github.com/instructure/canvas-lms/commit/13dbb09bd420b4e268b0a6720c31c56367df9538


Summary:

A vulnerability was discovered within the Canvas codebase which could allow for unauthorized previewing of locked documents.

Status:

Fixed in Canvas Cloud as of 7/11/2014. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.