Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata_url POST parameter. This URL is passed directly to requests.get() in fetch_metadata_xml() without any URL validation, IP filtering, or scheme enforcement. An attacker with Enterprise Admin privileges can force the server to make HTTP requests to internal network services, cloud metadata endpoints (e.g., AWS 169.254.169.254), or other attacker-controlled destinations. This vulnerability is fixed by commit 6fda1f120ff5a590d120ae1180185525f399c6d0 and 70a56246dd9c9df57c596e64bdd8a11b1d9da054.
AnalysisAI
Server-side request forgery (SSRF) in Open edX Platform allows authenticated Enterprise Admin users to force the application server to make HTTP requests to arbitrary internal network resources, cloud metadata endpoints (AWS 169.254.169.254), or external attacker-controlled hosts via the sync_provider_data SAML configuration endpoint. The unvalidated metadata_url parameter is passed directly to requests.get() without IP filtering or URL scheme enforcement, enabling internal network reconnaissance, credential theft from cloud metadata services, and potential lateral movement. Fixed in commits 6fda1f120ff and 70a56246dd9. EPSS data not available; no confirmed active exploitation at time of analysis.
Technical ContextAI
Open edX Platform is an open-source learning management system (LMS) used by educational institutions and enterprises for online course delivery. The vulnerability exists in the SAMLProviderDataViewSet's sync_provider_data endpoint, which accepts a metadata_url parameter to fetch SAML identity provider metadata. The fetch_metadata_xml() function uses Python's requests library to retrieve XML from the supplied URL without validating the destination. This implements CWE-918 (Server-Side Request Forgery), a critical web application security flaw where user-supplied URLs are processed server-side without proper validation. SSRF vulnerabilities are particularly dangerous in cloud environments where metadata endpoints (AWS 169.254.169.254, GCP metadata.google.internal, Azure 169.254.169.254) expose instance credentials, API keys, and configuration data. The CVSS vector S:C (Scope Changed) indicates the vulnerability can impact resources beyond the vulnerable component's authorization scope, consistent with SSRF attacks that breach trust boundaries between the web application and internal network segments. The fix introduces a SAML_METADATA_URL_ALLOW_PRIVATE_IPS toggle (default: False) to block requests to RFC 1918 private IP ranges, loopback addresses, and link-local addresses, though the commit diff shows this is configuration-based defense rather than mandatory enforcement.
RemediationAI
Apply patches by upgrading to Open edX Platform versions containing commits 6fda1f120ff5a590d120ae1180185525f399c6d0 and 70a56246dd9c9df57c596e64bdd8a11b1d9da054 or later from the upstream repository at https://github.com/openedx/openedx-platform. After patching, review the SAML_METADATA_URL_ALLOW_PRIVATE_IPS setting in openedx/envs/common.py - the fix introduces this toggle with a secure default (False) that blocks private IP ranges, but operators must verify it remains disabled in production configurations. For deployments unable to immediately patch, implement network-level controls: configure egress firewall rules to block outbound HTTP/HTTPS from the Open edX application server to RFC 1918 private networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback (127.0.0.0/8), link-local (169.254.0.0/16), and cloud metadata endpoints (169.254.169.254/32). This mitigation breaks legitimate SAML metadata retrieval from internal identity providers, requiring manual metadata file uploads instead of URL-based sync. Alternatively, restrict Enterprise Admin role assignment to only highly trusted users and audit existing role grants via Django admin - this reduces attack surface but does not eliminate risk if any Enterprise Admin account is compromised. Monitor application logs for sync_provider_data POST requests with suspicious metadata_url values (internal IPs, localhost, cloud metadata URIs) as indicators of exploitation attempts. Full advisory and patch details at https://github.com/openedx/openedx-platform/security/advisories/GHSA-328g-7h4g-r2m9.
More in Openedx Platform
View allSame weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29166