SECURITY UPDATE
Release Date: 2019-02-14
Description: ePortfolio Export Vulnerability
Criticality Level: Highly Critical (Less Critical < Critical < Moderately Critical < Highly Critical)
Impact: Broken Access Control (BAC) / Insecure Direct Object References (IDOR)
Systems Affected: Canvas LMS
Solution Status: Patched
Discovered By: Defektive (Security Researcher)
Relevant Changesets:
Summary:
A security researcher supporting our ongoing bug bounty program hosted by BugCrowd identified a vulnerability in ePortfolios, which allowed an authenticated user to access files not owned by the user as part of an ePortfolio export.
Status:
All systems were patched as of 8:17 PM MT on 2/11/2019.