Description
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site.
Vulnerable configurations
Configuration 1: versions up to and including 2015-01-27
cpe:2.3:a:edx:open_edx:*:*:*:*:*:*:*:*
EPSS: 0.00336 (Low), percentile: 56%
CVSS3: 6.5 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site.