Описание
WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover
Impact
Users of WireGuard Portal v2 who have OAuth (or OIDC) authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website.
Patches
The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The docker images for the tag 'latest' built from the master branch also include the fix.
Пакеты
Наименование
github.com/h44z/wg-portal
go
Затронутые версииВерсия исправления
>= 2.0.0-alpha.1, < 2.0.0-alpha.3
2.0.0-alpha.3