2019-02-14 Instructure Advisory IAC93493 - ePortfolio Export Vulnerability
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
SECURITY UPDATE |
Release Date: | 2019-02-14 |
Description: | ePortfolio Export Vulnerability |
Criticality Level: | Highly Critical ( Less Critical < Critical < Moderately Critical < Highly Critical ) |
Impact: | Broken Access Control (BAC) / Insecure Direct Object References (IDOR) |
Systems Affected: | Canvas LMS |
Solution Status: | Patched |
Discovered By: | Defektive (Security Researcher) |
Relevant Changesets: |
Summary:
A security researcher supporting our ongoing bug bounty program hosted by BugCrowd identified a vulnerability in ePortfolios, which allowed an authenticated user to access files not owned by the user as part of an ePortfolio export.
Status:
All systems were patched as of 8:17 PM MT on 2/11/2019.