Refine your search
2 vulnerabilities found for openedx-platform by openedx
CVE-2026-35404 (GCVE-0-2026-35404)
Vulnerability from cvelistv5
Published
2026-04-06 21:22
Modified
2026-04-07 16:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
Open edX Platform enables the authoring and delivery of online learning at any scale. he view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() without any URL validation. When a non-existent survey name is provided, the server issues an immediate HTTP 302 redirect to the attacker-controlled URL. Additionally, the same unvalidated URL is embedded in a hidden form field and returned in a JSON response after form submission, where client-side JavaScript performs location.href = url. This enables phishing and credential theft attacks against authenticated Open edX users. This vulnerability is fixed with commit 76462f1e5fa9b37d2621ad7ad19514b403908970.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openedx | openedx-platform |
Version: < 76462f1e5fa9b37d2621ad7ad19514b403908970 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35404",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T16:17:36.155139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T16:17:47.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openedx-platform",
"vendor": "openedx",
"versions": [
{
"status": "affected",
"version": "\u003c 76462f1e5fa9b37d2621ad7ad19514b403908970"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open edX Platform enables the authoring and delivery of online learning at any scale. he view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() without any URL validation. When a non-existent survey name is provided, the server issues an immediate HTTP 302 redirect to the attacker-controlled URL. Additionally, the same unvalidated URL is embedded in a hidden form field and returned in a JSON response after form submission, where client-side JavaScript performs location.href = url. This enables phishing and credential theft attacks against authenticated Open edX users. This vulnerability is fixed with commit 76462f1e5fa9b37d2621ad7ad19514b403908970."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T21:22:29.562Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openedx/openedx-platform/security/advisories/GHSA-2843-x998-f8r2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openedx/openedx-platform/security/advisories/GHSA-2843-x998-f8r2"
},
{
"name": "https://github.com/openedx/openedx-platform/commit/76462f1e5fa9b37d2621ad7ad19514b403908970",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openedx/openedx-platform/commit/76462f1e5fa9b37d2621ad7ad19514b403908970"
}
],
"source": {
"advisory": "GHSA-2843-x998-f8r2",
"discovery": "UNKNOWN"
},
"title": "Open edX Platform has an Open Redirect in Survey Views via Unvalidated redirect_url Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35404",
"datePublished": "2026-04-06T21:22:29.562Z",
"dateReserved": "2026-04-02T17:03:42.074Z",
"dateUpdated": "2026-04-07T16:17:47.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34736 (GCVE-0-2026-34736)
Vulnerability from cvelistv5
Published
2026-04-02 18:29
Modified
2026-04-03 16:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users (documented behavior) and the activation_key being exposed in the REST API response at /api/user/v1/accounts/. This issue has been patched in the ulmo release.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openedx | openedx-platform |
Version: >= maple, < ulmo |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34736",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T15:48:43.267069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T16:08:43.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openedx-platform",
"vendor": "openedx",
"versions": [
{
"status": "affected",
"version": "\u003e= maple, \u003c ulmo"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users (documented behavior) and the activation_key being exposed in the REST API response at /api/user/v1/accounts/. This issue has been patched in the ulmo release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:29:01.740Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openedx/openedx-platform/security/advisories/GHSA-m6rg-rp98-4crw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openedx/openedx-platform/security/advisories/GHSA-m6rg-rp98-4crw"
},
{
"name": "https://github.com/openedx/openedx-platform/commit/ad342ae16e6af0b46460ca05f47697ac755feba8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openedx/openedx-platform/commit/ad342ae16e6af0b46460ca05f47697ac755feba8"
}
],
"source": {
"advisory": "GHSA-m6rg-rp98-4crw",
"discovery": "UNKNOWN"
},
"title": "Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34736",
"datePublished": "2026-04-02T18:29:01.740Z",
"dateReserved": "2026-03-30T18:41:20.754Z",
"dateUpdated": "2026-04-03T16:08:43.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}