Instructure · Instructure Canvas LMS · CVE-2021-36539
**Name of the Vulnerable Software and Affected Versions**
Instructure Canvas LMS (affected versions not specified)
**Description**
Instructure Canvas LMS has an improper access control issue: unprivileged users can access locked or unpublished files through the DocViewer-based file preview URL, referred to as the `canvadoc session url`. This allows unauthorized access to sensitive information.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.