rate limit scheduled email reports #14513
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Milestone
Email reports in Matomo can be abused to send many emails. For example by creating a scheduled email report, then adding a few dozens (or more) email addresses (for example fake, or real), and then clicking "Send Report Now". The email report will be sent to all email addresses. The button can be clicked again and again. This fake email can be triggered every day as well.
Somehow it would be good to implement rate limiting. But not sure how the rate limiting should work...
See also #13813
The text was updated successfully, but these errors were encountered: