GHSA-2r2v-9pf8-6342: WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover

Impact

Users of WireGuard Portal v2 who have OAuth (or OIDC) authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website.

Patches

The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The docker images for the tag ‘latest’ built from the master branch also include the fix.

High severity • GitHub Reviewed • Published Jan 7, 2025 in h44z/wg-portal • Updated Jan 7, 2025

Package

gomod github.com/h44z/wg-portal (Go)

Affected versions

>= 2.0.0-alpha.1, < 2.0.0-alpha.3

Patched versions

2.0.0-alpha.3

References

  • GHSA-2r2v-9pf8-6342
  • h44z/wg-portal@62dbdfe

Published to the GitHub Advisory Database

Jan 7, 2025
