GHSA-2r2v-9pf8-6342

Suggest an improvement
Source
https://github.com/advisories/GHSA-2r2v-9pf8-6342
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-2r2v-9pf8-6342/GHSA-2r2v-9pf8-6342.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2r2v-9pf8-6342
Aliases
Published
2025-01-07T15:52:16Z
Modified
2025-01-08T19:42:21.896344Z
Summary
WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover
Details

Impact

Users of WireGuard Portal v2 who have OAuth (or OIDC) authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website.

Patches

The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The docker images for the tag 'latest' built from the master branch also include the fix.

Database specific 
{
    "github_reviewed": true,
    "cwe_ids": [],
    "nvd_published_at": null,
    "github_reviewed_at": "2025-01-07T15:52:16Z",
    "severity": "HIGH"
}
References

Affected packages

Go / github.com/h44z/wg-portal

Package

Name
github.com/h44z/wg-portal
View open source insights on deps.dev
Purl
pkg:golang/github.com/h44z/wg-portal

Affected ranges

Type
SEMVER
Events
Introduced
2.0.0-alpha.1
Fixed
2.0.0-alpha.3

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-2r2v-9pf8-6342/GHSA-2r2v-9pf8-6342.json"