Filtered by vendor Matomo
Subscriptions
Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-12215 | 1 Matomo | 1 Matomo | 2024-08-05 | N/A |
A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities. | ||||
CVE-2020-29578 | 1 Matomo | 1 Piwik Fpm-alpine Docker Image | 2024-08-04 | 9.8 Critical |
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access. | ||||
CVE-2022-33156 | 1 Matomo | 1 Integration | 2024-08-03 | 6.1 Medium |
The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. |