OAuth Insecure Redirect URI / Account Takeover

High
h44z published GHSA-2r2v-9pf8-6342 Jan 7, 2025

Package

gomod https://github.com/h44z/wg-portal (Go)

Affected versions

v2.0.0-alpha.1, v2.0.0-alpha.2

Patched versions

v2.0.0-alpha.3

Description

Impact

Users of WireGuard Portal v2 who have OAuth (or OIDC) authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website.

Patches

The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The Docker images for the tag 'latest', built from the master branch, also include the fix.

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs

Credits