Summary Unsafe plugins (for instance "sql-list") can be installed in subdomain tenants via pack import even if unsafe plugin installation for tenants is disables Details I have an example https://bot20230704.saltcorn.com/view/all_plugins It's publicly accessible (but has not so secure values except list of tenants). But using this mech one can read any data from other tenants. Impact All tenants of installation (i.e. "saltcorn.com"), can be compromised from tenant user has admin access. If an untrusted user has admin rights to a tenant instance, they will be able to install a plug-in that can access information from other tenants Revived after 0.8.7 After patch in 0.8.7 this is not fixed completely. Here are steps to reproduce: 1. Publish to NPM plugin that was not approved by admin (in case of saltcorn.com) by @glutamate. I've just published this one: https://www.npmjs.com/package/saltcorn-qrcode 2. Publish somewhere plugin store that includes plugin from previous step: https://gist.github.com/pyhedgehog/f1fd7cb13f4d0a7ccf6a965748d19bd2 3. Add plugin store link to tenant store. 4. Install plugin. 5. Use it in tenant: https://bot20230704.saltcorn.com/view/testqr_show/1 Here are logic: Unsafe plugins checked against this list: https://github.com/saltcorn/saltcorn/blob/99fe277e497fd193bb070acd8c663aa254a9907c/packages/server/load_plugins.js#L191 But it's under control of tenant admin, not server admin. Proposed login: const safes = getRootState().getConfig("available_plugins",[]).filter(p=>!p.unsafe).map(p=>p.location);