GHSA-2r2v-9pf8-6342: WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover

January 7, 2025

Users of WireGuard Portal v2 who have OAuth (or OIDC) authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website.

References

github.com/advisories/GHSA-2r2v-9pf8-6342
github.com/h44z/wg-portal
github.com/h44z/wg-portal/commit/62dbdfe0f96045d46e121d509fc181fbb7936895
github.com/h44z/wg-portal/security/advisories/GHSA-2r2v-9pf8-6342

Code Behaviors & Features

Detect and mitigate GHSA-2r2v-9pf8-6342 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →