Disclosure of an OIDC misconfiguration in a public GitHub repository leading to access to confidential private data. Specifics kept private at the request of the programme team.
UK-based online travel company GitHub misconfiguration
Severity: critical
Platform: private
Bounty: $3,500