CVE-2015-2286 in edx-platform
Resumen (Inglés)
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Reservar
2015-03-12
Divulgación
2016-03-19
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 81390 | Open edX edx-platform Password Reset footer-edx-new.html divulgación de información | 200 | No está definido | Arreglo oficial | CVE-2015-2286 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV