Password reset token leaking to github #376
While on the reset password page, if the user clicks on the "The source code is available at GitHub" button, the request to github.com leaks the full URL in the referrer. This is benign in most cases, but on this page it exposes the secret password reset link.
This has a very low impact:
This vulnerability has been reported through the Bug bounty program