You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
BugFor errors / faults / flaws / inconsistencies etc.wontfixIf you can reproduce this issue, please reopen the issue or create a new one describing it.
The site manager page may be accessible, but it doesn’t display any site information to which the anonymous user has ‘no access’. I suppose we could restrict access to even this page.
The feedback module is for the public to submit feedback. If you read the plugin description from the plugin admin screen, it reads:
```
Send your Feedback to the Piwik Team in one click. Share your ideas and suggestions with us! By Piwik.
```
BugFor errors / faults / flaws / inconsistencies etc.wontfixIf you can reproduce this issue, please reopen the issue or create a new one describing it.
Anonymous users can still access the site management section of Piwik even when they have been restricted with ‘No Access’
Calling the URL’s;
/index.php?module=SitesManager&action=displayJavascriptCode&idsite=1
/index.php?module=SitesManager&action=index&idsite=1
/index.php?module=Feedback&action=index&idsite=1&keepThis=true&TB_iframe=true&height=400&width=350
Will all display results with out authentication.
Other pages maybe affected, but these are the ones I know of.
The data exposed isn’t critical but still poses a minor security issue.
The text was updated successfully, but these errors were encountered: