2 matches found
CVE-2026-42860 Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint
The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...
Server-side Request Forgery (SSRF)
Overview edx-enterprise is a Your project description goes here Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the syncproviderdata function. An attacker can cause the server to make arbitrary HTTP requests to internal or external resources by supplying a...