Recent "Shibboleth" plugin vulnerabilities / Does it affect me?

Recent "Shibboleth" plugin vulnerabilities / Does it affect me?

by Gerardo Coto -
Number of replies: 4

Hello.


I recently read about the vulnerabilities for the "Shibboleth" plugin and how its important to update to the latest Moodle version in order to avoid them.


By default that plugin is disabled in my Moodle and i do not use it (i am assuming because is disabled) so i was wondering if the fact that it is disabled means that it does not affect me, is that correct?. I am asking because an update would require a lot of preparation because my Moodle is kinda big now.

Is it necessary for me to update because of the "Shibboleth" vulnerabilities even though it is disabled?

Thank you very much!


My Moodle version: 3.11.2+

Hosted in cPanel on BlueHost.

Average of ratings: -
In reply to Gerardo Coto

Re: Recent "Shibboleth" plugin vulnerabilities / Does it affect me?

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
I'm going to suggest that you'll be fine.
Average of ratings: Useful (1)
In reply to Howard Miller

Re: Recent "Shibboleth" plugin vulnerabilities / Does it affect me?

by Gerardo Coto -
Alright, I will not update the Moodle then, I will do it in a couple months as scheduled originally.
Thank you!
Average of ratings: -
In reply to Gerardo Coto

Re: Recent "Shibboleth" plugin vulnerabilities / Does it affect me?

by Michael Hawkins -
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Testers
Hi Gerardo,

Howard is correct, those issues published relating to Shibboleth only affect sites with that authentication plugin enabled. If you aren't using Shibboleth and want to confirm it's disabled, you can check at <your-moodle-site>/admin/settings.php?section=manageauths (when logged in as a site admin).


Average of ratings: Useful (1)
In reply to Michael Hawkins

Re: Recent "Shibboleth" plugin vulnerabilities / Does it affect me?

by Gerardo Coto -
Hi.

Thanks for the link, I verified and it is disabled as i suspected, so no problem.
Alright, good to know it only affects the systems that uses it.

Thank you very much!
Average of ratings: -