The following people identified security bugs within the Open edX code base. We really appreciate their hard work. If you find a security bug, please e-mail [email protected].
| Reported by | Issue | Severity | Description |
|---|---|---|---|
| Smit B. Shah & Nikhil Srivastava, Techdefence Labs | Cross Domain Referer Leakage via Social Follow Us Links | High | Password reset tokens were forwarded to third-party social networks in the HTTP Referer header. To read more about why this is significant, see CVE-2015-2286. |