How Moodle Stays Ahead Of The Curve In Data Protection

Cybersecurity is the fastest-rising concern across IT departments everywhere, and it is a particular concern for administrators of schools, colleges, and other learning organizations. But if your organization’s learning platform runs on Moodle, you might have less to worry about.

Recently, Moodle HQ Development Process Manager Marina Glancy announced the identification of two vulnerabilities in the Moodle code, which were readily patched:

  • MSA-18-0001: Server Side Request Forgery in the filepicker. A loophole in AJAX (a set of techniques for updating parts of a web page with new information without reloading everything) allows any logged-in user to get any valid URL of the site. Cloud-based Moodle sites were particularly at risk. Identified and patched on January 22.
  • MSA-18-0002: Setting for blocked hosts list can be bypassed with multiple A record hostnames. A safeguard put in place in Moodle 3.2, namely the “cURL blocked hosts list” that prevented access from direct URL addresses by certain user roles, appears to be bypassable through DNS manipulation. Identified and patched on January 22.
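
The blocked-hosts issue in MSA-18-0002 comes down to how a hostname with several A records is checked. The sketch below is an added example, not Moodle's code: it contrasts a check that inspects only one resolved address (an assumed weak form, for illustration) with one that rejects the host if any record is blocked and returns the vetted address for the caller to connect to. The blocklist, hostnames and `fake_resolver` are constructed for the example.

```python
import ipaddress
import socket

# Constructed blocklist for this example: loopback, link-local and private ranges.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "169.254.0.0/16", "10.0.0.0/8", "192.168.0.0/16")]

# Constructed DNS answers standing in for a real resolver.
FAKE_DNS = {
    "single.example": ["203.0.113.10"],
    "multi.example": ["203.0.113.10", "10.0.0.5"],  # two A records, one internal
    "mapped.example": ["::ffff:127.0.0.1"],         # IPv4-mapped IPv6 loopback
}

def fake_resolver(host):
    return FAKE_DNS.get(host, [])

def system_resolver(host):
    """Return every address the system resolver gives for host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

def is_blocked(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 so it is compared against the IPv4 ranges.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETS)

def check_first_only(host, resolve=system_resolver):
    """Weak form (assumed for illustration): only the first record is inspected."""
    addrs = resolve(host)
    return bool(addrs) and not is_blocked(addrs[0])

def check_all_and_pin(host, resolve=system_resolver):
    """Hardened form: reject if ANY record is blocked, else return one vetted IP.

    The caller should connect to the returned address directly rather than
    resolving the name a second time at request time.
    """
    addrs = resolve(host)
    if not addrs or any(is_blocked(a) for a in addrs):
        return None
    return addrs[0]

if __name__ == "__main__":
    for name in FAKE_DNS:
        print(name, check_first_only(name, fake_resolver),
              check_all_and_pin(name, fake_resolver))
```
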

Make sure your site is updated to the latest build of your Moodle version to ensure it is properly patched. If possible, upgrade to Moodle 3.4.1.

Stay on top of security patches and updates on the Moodle “Security announcements” forum and at

This Moodle Practice related post is made possible by: eThink Education, a Certified Moodle Partner that provides a fully-managed Moodle experience including implementation, integration, cloud-hosting, and management services.
