instructure / canvas-lms

The open LMS by Instructure, Inc.
https://github.com/instructure/canvas-lms/wiki
GNU Affero General Public License v3.0
5.42k stars 2.42k forks

mr-n30 idor fix media tracks controller #2209

Closed mr-n30 closed 1 year ago

mr-n30 commented 1 year ago

Please see Bugcrowd for PoC of this vulnerability.

CLAassistant commented 1 year ago

CLA assistant check
All committers have signed the CLA.

rmsy commented 1 year ago

Hi @mr-n30, security vulnerabilities should only be reported through Bugcrowd -- never publicly. If possible, could you please delete your fork with the fix until we've had time to review and address your report?

mr-n30 commented 1 year ago

> Hi @mr-n30, security vulnerabilities should only be reported through Bugcrowd -- never publicly. If possible, could you please delete your fork with the fix until we've had time to review and address your report?

Hello @rmsy I've deleted the fork with the fix.