Product
critical
advisory
Patreon OAuth Provider ID Collision Vulnerability in go-pkgz/auth
2 rules 1 TTPThe Patreon OAuth provider in go-pkgz/auth and go-pkgz/auth/v2 maps every authenticated Patreon account to the same local user ID, leading to cross-account access, privilege confusion, and subscription-state leakage.
auth +1
authentication
oauth
id_collision
vulnerability
2r
1t
critical
advisory
Patreon OAuth Provider ID Collision Vulnerability in go-pkgz/auth
2 rules 1 TTPThe Patreon OAuth provider in go-pkgz/auth and go-pkgz/auth/v2 maps every authenticated Patreon account to the same local user ID, leading to cross-account access, privilege confusion, and subscription-state leakage.
auth +1
authentication
oauth
id_collision
vulnerability
2r
1t