Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plugins can be enumerated if you know their file paths #14806

Closed
sixcorners opened this issue Aug 25, 2019 · 1 comment
Closed

plugins can be enumerated if you know their file paths #14806

sixcorners opened this issue Aug 25, 2019 · 1 comment
Labels
answered For when a question was asked and we referred to forum or answered it.
Milestone
3.12.0

Comments

@sixcorners
Copy link

Links like this:
https://matomo.asdf/plugins/BotTracker/plugin.json
resolve and show what plugins you have installed.
It would be nice if this wasn't exposed.
@tsteur
Copy link
Member

tsteur commented Aug 25, 2019

Hi there, if that's an issue for you (eg if you consider this a security issue), you could simply disallow requests to plugin.json and other files in plugins (php, js, ...) Images you would likely still need to allow though. In general we have no plans of changing anything there and will close therefore.

@tsteur tsteur closed this as completed Aug 25, 2019
@tsteur tsteur added the answered For when a question was asked and we referred to forum or answered it. label Aug 25, 2019
@mattab mattab added this to the 3.12.0 milestone Oct 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
answered For when a question was asked and we referred to forum or answered it.
Projects
None yet
Milestone
3.12.0
Development

No branches or pull requests
3 participants
@tsteur @mattab @sixcorners