Are plugins running in some kind of sandbox? If I download and install any plugin from an unknown source, am I exposed to some attacks? Said in another way, can the plugin perform any action with the rights of the user who is running SonarQube? (reading or writing files, opening network connections, etc.)
I could not find any information on this topic, maybe I did not look at the right place.