CVE-2013-1830
Description
Moodle fails to enforce the forceloginforprofiles setting in user/view.php, allowing guest users to view sensitive course profiles.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Moodle fails to enforce the forceloginforprofiles setting in user/view.php, allowing guest users to view sensitive course profiles.
## Vulnerability user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, permitting unauthorized access to course profile information [1].
Exploitation
An attacker can exploit this by accessing the site as a guest user (no login required) and using a search engine or direct URL to user/view.php to view course profiles, bypassing the intended privacy setting [1].
Impact
Successful exploitation allows an attacker to obtain sensitive course-profile information, such as user details and course enrollments, violating privacy controls [1].
Mitigation
The issue is fixed in Moodle versions 2.2.8, 2.3.5, and 2.4.2 [1]. Users should upgrade to the latest patched versions. No workaround is mentioned in the references [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | <= 2.1.10 | — |
moodle/moodlePackagist | >= 2.2.0, < 2.2.8 | 2.2.8 |
moodle/moodlePackagist | >= 2.3.0, < 2.3.5 | 2.3.5 |
moodle/moodlePackagist | >= 2.4.0, < 2.4.2 | 2.4.2 |
Affected products
104cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*+ 100 more
- cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.5.0:beta:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.11:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.12:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.13:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.14:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.15:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.16:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.17:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.18:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
Patches
13ecc63e9dbe2MDL-37481 user: fixed bug when logged in as guest
1 file changed · +7 −1
user/view.php+7 −1 modified@@ -57,7 +57,13 @@ } if (!empty($CFG->forceloginforprofiles)) { - require_login(); // we can not log in to course due to the parent hack below + require_login(); // We can not log in to course due to the parent hack below. + + // Guests do not have permissions to view anyone's profile if forceloginforprofiles is set. + if (isguestuser()) { + $SESSION->wantsurl = $PAGE->url->out(false); + redirect(get_login_url()); + } } $PAGE->set_context($coursecontext);
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.htmlnvdThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.htmlnvdThird Party AdvisoryWEB
- openwall.com/lists/oss-security/2013/03/25/2nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-8r7x-qq55-74v2ghsaADVISORY
- moodle.org/mod/forum/discuss.phpnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2013-1830ghsaADVISORY
- github.com/moodle/moodle/commit/3ecc63e9dbe29c6a5a8f65fa8e7980ba0fffb5a8ghsaWEB
News mentions
0No linked articles in our index yet.