Showing results for 
Search instead for 
Did you mean: 

2014-11-25 Instructure Advisory IAC19325 - CSRF and XSS vulnerability within Canvas

Community Champion
0 0 238


Canvas + Logo transparent (WHITE)- 300px.png

  Release Date:2014-11-25  (Last update can be found below the document title)
  Description:CSRF and XSS vulnerability within Canvas
  Criticality Level:Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )
  Impact:Insertion and execution of arbitrary HTML code
  Systems Affected:Canvas LMS
  Solution Status:Patched
  Discovered By:Reported by customer via a third-party security assessment
  Relevant Changesets:


During a routine security audit of the Canvas code base and platform performed by a third party at the request of a csutomer, a cross site forgery request vulnerability was identified. Once identified and confirmed, the vulnerability was verified, confirmed and patched by the Instructure engineering team.


All systems were patched as of 17:53 MT on 11/19/2014