Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0ycjJ2LTlwZjgtNjM0Ms4ABDCw
WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover
Impact
Users of WireGuard Portal v2 who have OAuth (or OIDC) authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website.
Patches
The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The docker images for the tag 'latest' built from the master branch also include the fix.
Permalink: https://github.com/advisories/GHSA-2r2v-9pf8-6342JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ycjJ2LTlwZjgtNjM0Ms4ABDCw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 16 days ago
Updated: 16 days ago
Identifiers: GHSA-2r2v-9pf8-6342
References:
- https://github.com/h44z/wg-portal/security/advisories/GHSA-2r2v-9pf8-6342
- https://github.com/h44z/wg-portal/commit/62dbdfe0f96045d46e121d509fc181fbb7936895
- https://github.com/advisories/GHSA-2r2v-9pf8-6342
Blast Radius: 1.0
Affected Packages
go:github.com/h44z/wg-portal
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: >= 2.0.0-alpha.1, < 2.0.0-alpha.3
Fixed in: 2.0.0-alpha.3
All affected versions:
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.15, 1.0.16, 1.0.17, 1.0.18, 1.0.19