After an outage on September 1, the Instructure Community is now fully available, including guides, release notes, forums, and groups. If some styling still looks unusual, clear your cache and cookies.
SECURITY UPDATE |
Release Date: | 2014-10-13 (Last update can be found below the document title) |
Description: | A path traversal vulnerability was discovered which potentially allowed for limited traversal of the host server’s filesystem and possible unauthorized access to files readable by the parent process. |
Criticality Level: | Critical ( Less Critical < Critical < Moderately Critical < Highly Critical ) |
Impact: |
|
Systems Affected: | Canvas LMS |
Solution Status: | Remediated |
Discovered By: | Issue was reported by Nabeel Ahmed |
Relevant Changesets: | N/A |
Summary:
A path traversal vulnerability was discovered which potentially allowed for limited traversal of the host server’s filesystem and possible unauthorized access to files readable by the parent process.
Once the vulnerability was reported and validated, steps were immediately taken to address the vulnerability. Furthermore, a full impact analysis was performed to determine if the vulnerability had been exploited.
The Instructure InfoSec team found no evidence of an exploit.
Status:
All vulnerable systems were patched against the vulnerability on the same day it was reported.
Jordan has had various roles in the ed tech software (SAAS) industry for the past 9 years. (almost 5 years with Instructure). In his previous company he was a Client Services Manager for two years (responsible for account management, implementation, project management, and training, for each of his customers). After a year and a half he was commissioned to build a training department, all policies and procedures, and deliver training for all customers. Over the past eight years he has been in charge of conceiving, producing and deploying eLearning initiatives and strategies. He has trained over 3,000 adult learners with a wide range of technical aptitude, including K-12 Teachers, Principals, Administrators, Superintendents, Higher Ed Professors, Doctors, CTO’s, and Corporate Business Professionals and Executives. Jordan is an instructional designer and Community Manager for Instructure with a focus on connecting Canvas users with tools and resources that will help them get excited about and become proficient in utilizing the Canvas Learning Platform.
To interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign inTo interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign in