Matomo icon Matomo HackerOne

Target Policy
https://hackerone.com/matomo?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • https://api.matomo.org/
    URL
    none
  • https://matomo.cloud/

    Matomo Analytics Cloud
    *$username.matomo.cloud* is also in scope, but please limit tests to ones that don't affect the live instance. (no automated tools) You can easily set up your own Matomo instance for extensive testing (see https://matomo.org/docs/installation/)

    URL
    critical
  • https://plugins.matomo.org/

    The Matomo Marketplace Platform is excluded from this bug bounty

    URL
    none
  • https://matomo.org/

    Project website

    URL
    none
  • https://forum.matomo.org/

    Please don't post test posts on the forum.
    The forum is using discourse, so please report any security issues [on their bug bounty](https://hackerone.com/discourse)

    URL
    none
  • https://shop.matomo.org/
    URL
    none
  • https://plugins.matomo.org/developer/innocraft

    Official plugins by Innocraft

    SOURCE_CODE
    critical
  • org.piwik.mobile2

    Matomo Mobile 2 Android App
    Only critical issues compromising the token are in scope.

    GOOGLE_PLAY_APP_ID
    medium
  • 737216887

    Matomo Mobile 2 iOS App
    Only critical issues compromising the token are in scope.

    APPLE_STORE_APP_ID
    medium
  • https://github.com/matomo-org/docker

    Official Docker project for Matomo Analytics

    URL
    critical
  • https://github.com/innocraft/

    All other software on the innocraft GitHub organisation

    SOURCE_CODE
    high
  • https://plugins.matomo.org/developer/matomo-org

    Official plugins by the Matomo team

    SOURCE_CODE
    critical
  • https://github.com/matomo-org

    All other software on the matomo-org GitHub organisation

    SOURCE_CODE
    high
  • matomo.cloud

    Matomo Analytics Cloud
    *$username.matomo.cloud* is also in scope, but please limit tests to ones that don't affect the live instance. (no automated tools) You can easily set up your own Matomo instance for extensive testing (see https://matomo.org/docs/installation/)

    URL
    critical
  • https://github.com/matomo-org/matomo

    this repository contains the source code of Matomo Analytics

    SOURCE_CODE
    critical
Target Scope Domains
  • matomo.cloud
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kxss
allkxss
1 year, 1 month ago
Finished
auto-gausubs-2-kxss
  • Fleet: allkxss
  • Duration: 27.78 Minutes
  • Finished: 1 year, 1 month ago