winboat icon indicating copy to clipboard operation
winboat copied to clipboard
verified publisher icon TibixDev

[Bug] WinBoat exposes ports on all interfaces

Open TatoExp opened this issue 2 months ago • 1 comments

What version of WinBoat are you running?

0.8.7

Your Environment

Distro

Ubuntu 24.04.3 LTS

Issue

Winboat exposes all used ports on all interfaces, i.e. making the container accessible from outside the local PC. This poses a security vulnerability, especially during the initial setup process as a malicious user could interfere and take control.

Steps to Reproduce / Context

Run winboat, access ports from outside local PC.

Logs

N/A

Expected Behavior

Ports should only be exposed on 127.0.0.1

Current Behavior

Ports exposed on all interfaces

Possible Solution

It seems the offending code is here: https://github.com/TibixDev/winboat/blob/main/src/renderer/lib/install.ts#L44

It should be as simple as updating this to be 127.0.0.1:PORT explicitly. I am happy to make the change myself, just not sure of any knock on effects, I suspect none but I'm not sure.

Quality Notice

  • [x] I have checked the issue tracker and verified that this bug is a unique case.

TatoExp avatar Oct 27 '25 14:10 TatoExp

Hi! I submitted a fix for this issue! #424

bloopybae avatar Oct 27 '25 14:10 bloopybae

This got resolved in #327

Levev avatar Nov 22 '25 03:11 Levev