VDB
GCVE-110-CLOUD-2023-0023
GCVE-110-CLOUD-2023-0023
Advisory Published
Secureworks researchers discovered an Azure AD application with an abandoned reply URL related to Microsoft Power Platform. An attacker could leverage this URL to redirect authorization codes, exchange them for access tokens, and call Power Platform API via a middle-tier service to obtain elevated privileges. Microsoft quickly addressed the issue by removing the identified abandoned reply URL from the Azure AD application.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | Cloud Services | — | — |
| Azure | Power Platform, Azure Active Directory | — | — |
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.