Description
WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow
Summary
An Open Redirect vulnerability exists in the OAuth authentication flow that allows attackers to redirect users to external malicious websites after authentication. The vulnerability is caused by insufficient validation of the return parameter in the OAuth login initialization endpoint.
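One way to validate a post-login return parameter against the weakness described above, as an added example that is not WireGuard Portal's code or its actual fix. The function name `sanitizeReturnURL`, the `trustedHost` setting, the host `portal.example.com` and the https-only policy are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// sanitizeReturnURL returns raw when it is safe to redirect to after login,
// otherwise fallback. trustedHost is a hypothetical configured portal host.
func sanitizeReturnURL(raw, trustedHost, fallback string) string {
	// Browsers and net/url disagree on backslashes and control characters,
	// so reject them before parsing.
	if raw == "" || strings.ContainsAny(raw, "\\\r\n\t") {
		return fallback
	}
	u, err := url.Parse(raw)
	if err != nil || u.User != nil { // userinfo can disguise the real host
		return fallback
	}
	if u.Scheme == "" && u.Host == "" {
		// Relative reference: allow only a single-slash absolute path.
		if strings.HasPrefix(raw, "/") && !strings.HasPrefix(raw, "//") {
			return raw
		}
		return fallback
	}
	// Absolute URL: must be https (assumed policy) on exactly the portal host.
	if u.Scheme == "https" && strings.EqualFold(u.Host, trustedHost) {
		return raw
	}
	return fallback
}

func main() {
	// Constructed sample values for the return parameter.
	samples := []string{
		"/app/#/profile",
		"https://portal.example.com/app/",
		"https://evil.example/login",
		"//evil.example/login",
		"/\\evil.example",
		"https://portal.example.com@evil.example/",
		"javascript:alert(1)",
	}
	for _, s := range samples {
		fmt.Printf("%-45q -> %s\n", s, sanitizeReturnURL(s, "portal.example.com", "/"))
	}
}
```

The validated value should be the one stored in the OAuth session state, so the callback handler never redirects to an unchecked string.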
Patches
The problem was fixed in the latest release, v2.1.2. The docker images for the tag 'latest' built from the master branch also include the fix.
Packages
Name: github.com/h44z/wg-portal (go)
Affected versions: <= 2.1.1
Fixed version: 2.1.2
CVSS3: 6.1 Medium
Weaknesses
CWE-601