CVE-2020-5775

MEDIUM5.8EPSS 65.8%

Published: 1/31/2024Modified: 2/19/2024

Description

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.

Affected packages (1)

Bitnami/canvaslms>= 2020-07-29.0.0, <= 2020-07-29.0.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

References (1)

WEBhttps://www.tenable.com/security/research/tra-2020-49