OAuth Scope Upgrade Attack in Todoist
An OAuth flow vulnerability in Todoist where a malicious third-party app could trick users into granting higher privileges than displayed on the consent screen.
3 minute
OAuth
Privilege Escalation