SECURITY UPDATE |  |
| Release Date: | 2014-11-25 (Last update can be found below the document title) |
| Description: | CSRF and XSS vulnerability within Canvas |
| Criticality Level: | Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical ) |
| Impact: | Insertion and execution of arbitrary HTML code |
| Systems Affected: | Canvas LMS |
| Solution Status: | Patched |
| Discovered By: | Reported by customer via a third-party security assessment |
| Relevant Changesets: |
Summary:
During a routine security audit of the Canvas code base and platform performed by a third party at the request of a csutomer, a cross site forgery request vulnerability was identified. Once identified and confirmed, the vulnerability was verified, confirmed and patched by the Instructure engineering team.
Status:
All systems were patched as of 17:53 MT on 11/19/2014
