Tag
edx-enterprise versions 7.0.2 through 7.0.4 are vulnerable to server-side request forgery (SSRF) via a SAML metadata URL in the `sync_provider_data` endpoint, allowing an authenticated Enterprise Admin to trigger arbitrary HTTP requests from the server.