After an outage on September 1, the Instructure Community is now fully available, including guides, release notes, forums, and groups. If some styling still looks unusual, clear your cache and cookies.
SECURITY UPDATE |  |
| Release Date: | 2014-10-13 (Last update can be found below the document title) |
| Description: | A path traversal vulnerability was discovered which potentially allowed for limited traversal of the host server’s filesystem and possible unauthorized access to files readable by the parent process. |
| Criticality Level: | Critical ( Less Critical < Critical < Moderately Critical < Highly Critical ) |
| Impact: |
|
| Systems Affected: | Canvas LMS |
| Solution Status: | Remediated |
| Discovered By: | Issue was reported by Nabeel Ahmed |
| Relevant Changesets: | N/A |
Summary:
A path traversal vulnerability was discovered which potentially allowed for limited traversal of the host server’s filesystem and possible unauthorized access to files readable by the parent process.
Once the vulnerability was reported and validated, steps were immediately taken to address the vulnerability. Furthermore, a full impact analysis was performed to determine if the vulnerability had been exploited.
The Instructure InfoSec team found no evidence of an exploit.
Status:
All vulnerable systems were patched against the vulnerability on the same day it was reported.
Community help
To interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign in