Tag
Laravel Passport before v13.7.1 allows an authentication bypass via client credentials tokens, where a client's identifier can be used to impersonate a user if `Passport::$clientUuids` is set to false or the EnsureClientIsResourceOwner middleware is in use.