Vendor
Any authenticated user can escalate to ADMIN on Actual servers migrated from password authentication to OpenID Connect by exploiting a lack of authorization checks, orphaned password rows, and client-controlled login methods, leading to full administrative privileges.