Skip to content

Before installing a new plugin (via Marketplace or direct upload), ask again Super User password #13581

New issue
New issue
Closed
#14387
Closed
Before installing a new plugin (via Marketplace or direct upload), ask again Super User password#13581
#14387
Assignees
katebutler
Labels
c: SecurityFor issues that make Matomo more secure. Please report issues through HackerOne and not in Github.not-in-changelogFor issues or pull requests that should not be included in our release changelog on matomo.org.
Milestone
3.10.0
@mattab

Description

@mattab
mattab
opened on Oct 11, 2018

Before installing a new plugin (via Marketplace or direct upload), we should ask again the Super User to enter their password. Since a plugin can easily lead to RCE it is important to ensure that a Logged-in browser cannot be used to install custom plugins.

Similar to #2932

Metadata

Metadata

Assignees

Labels

c: SecurityFor issues that make Matomo more secure. Please report issues through HackerOne and not in Github.not-in-changelogFor issues or pull requests that should not be included in our release changelog on matomo.org.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions