2026-03-20 13:02:07
rapid7
PUBLISHED
An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL.