Upstream information
Description
An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
SUSE Bugzilla entry: 1255012 [NEW]
No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Mon Dec 15 16:10:30 2025
CVE page last modified: Mon Dec 15 21:40:27 2025
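Why the identifier choice in the description above matters, as an added example that is not the project's or SUSE's code: a toy account store keyed first on preferred_username and then on sub, replaying the same three logins. The AccountStore class, the replay function and all claim values are constructed for illustration.

```python
# Added illustration: a toy account store, not the project's own code.
from dataclasses import dataclass, field


@dataclass
class AccountStore:
    """Maps (provider, uid) to a local user, like a social-account table."""
    claim: str                      # which ID-token claim is used as the uid
    links: dict = field(default_factory=dict)

    def login(self, provider: str, claims: dict, new_local_user: str) -> str:
        """Return the linked local user, creating the link on first login."""
        key = (provider, claims[self.claim])
        return self.links.setdefault(key, new_local_user)


# Constructed claims. "sub" is the stable subject identifier; the
# preferred_username can be renamed or later assigned to someone else.
ALICE_BEFORE = {"sub": "00u-constructed-1", "preferred_username": "alice"}
ALICE_AFTER = {"sub": "00u-constructed-1", "preferred_username": "alice.smith"}
NEWCOMER = {"sub": "00u-constructed-2", "preferred_username": "alice"}


def replay(claim: str) -> dict:
    """Replay the same three logins against a store keyed on `claim`."""
    store = AccountStore(claim)
    first = store.login("okta", ALICE_BEFORE, "local-1")
    renamed = store.login("okta", ALICE_AFTER, "local-2")
    reused = store.login("okta", NEWCOMER, "local-3")
    return {"first": first, "after_rename": renamed, "reused_name": reused}


if __name__ == "__main__":
    for claim in ("preferred_username", "sub"):
        print(claim, replay(claim))
```

Keyed on preferred_username, the renamed user is detached from her local account and the later holder of the old name resolves to it; keyed on sub, the rename is harmless and the newcomer gets a separate account.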