SECURITY UPDATE
Release Date: 2014-10-13 (Last update can be found below the document title)
Description: A path traversal vulnerability was discovered which potentially allowed for limited traversal of the host server’s filesystem and possible unauthorized access to files readable by the parent process.
Criticality Level: Critical (Less Critical < Critical < Moderately Critical < Highly Critical)
Impact:
- Potential unauthorized disclosure of information
- Potential unauthorized file system access
Systems Affected: Canvas LMS
Solution Status: Remediated
Discovered By: Issue was reported by Nabeel Ahmed
Relevant Changesets: N/A
Summary:
A path traversal vulnerability was discovered which potentially allowed for limited traversal of the host server’s filesystem and possible unauthorized access to files readable by the parent process.
Once the vulnerability was reported and validated, steps were immediately taken to address the vulnerability. Furthermore, a full impact analysis was performed to determine if the vulnerability had been exploited.
The Instructure InfoSec team found no evidence of an exploit.
Status:
All vulnerable systems were patched against the vulnerability on the same day it was reported.