Community

Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

2020-08-11 Instructure Advisory IAC32279 - Oembed API Blind SSRF Vulnerability

mspencer_inst
Instructure
Instructure
1 0 1,111
‎08-11-2020 03:37 PM

    SECURITY UPDATE

 Canvas + Logo transparent (WHITE)- 300px.png

 

  Release Date: 2020-08-11
  Description:

Oembed API Blind SSRF Vulnerability
  Criticality Level: Medium   ( Less Critical < Critical < Moderately Critical < Highly Critical )
  Impact:

Unauthenticated Blind SSRF (Server Side Request Forgery)
  Systems Affected: Canvas LMS
  Solution Status: Patched
  Discovered By:

Tenable Security
  Relevant Changesets:

Require signed token for oembed embedding · instructure/canvas-lms/commit/d225ea1c · GitHub 

 

Summary:

An unauthenticated blind SSRF (Server Side Request Forgery) vulnerability was identified and disclosed by a Tenable Security researcher. The vulnerability is due to not requiring LTI tools to sign requests to the server, allowing crafted API calls from end users to query arbitrary hosts. Host responses are not returned to the client.

Status:

Canvas code changes were committed 8/5/2020 to master. This fix is a breaking change set. Canvas is following the regular release process to allow LTI tool owners time to make necessary changes.

Labels
Tags (1)
About the Author

mspencer_inst

An amazing Canvas Community member!

Labels