Before installing a new plugin (via Marketplace or direct upload), ask again Super User password #13581
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
not-in-changelog
For issues or pull requests that should not be included in our release changelog on matomo.org.
Milestone
Before installing a new plugin (via Marketplace or direct upload), we should ask again the Super User to enter their password. Since a plugin can easily lead to RCE it is important to ensure that a Logged-in browser cannot be used to install custom plugins.
Similar to #2932
The text was updated successfully, but these errors were encountered: