CVE-2020-5775
MEDIUM EXPLOITED NUCLEICanvas LMS 2020-07-29 - Unauthenticated Server-Side Request Forgery
Title source: llmExploitation Summary
CVE-2020-5775 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
Nuclei Templates (1)
Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery
MEDIUMby alph4byt3
References (1)
Core 1
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2020-49
Scores
CVSS v3
5.8
EPSS
0.0653
EPSS Percentile
92.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Details
VulnCheck KEV
2024-01-22
CWE
CWE-918
Status
published
Products (1)
instructure/canvas_learning_management_service
2020-07-29
Published
Aug 21, 2020
Tracked Since
Feb 18, 2026