CVE-2020-5775
MEDIUM EXPLOITED NUCLEICanvas LMS 2020-07-29 - SSRF
Title source: llmDescription
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
Nuclei Templates (1)
Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery
MEDIUMby alph4byt3
Scores
CVSS v3
5.8
EPSS
0.7076
EPSS Percentile
98.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Details
VulnCheck KEV
2024-01-22
CWE
CWE-918
Status
published
Products (1)
instructure/canvas_learning_management_service
2020-07-29
Published
Aug 21, 2020
Tracked Since
Feb 18, 2026