VDB

GCVE-110-CLOUD-2023-0023

GCVE-110-CLOUD-2023-0023
Advisory Published
Vulnetix · Advisory published August 24, 2023
Secureworks researchers discovered an Azure AD application with an abandoned reply URL related to Microsoft Power Platform. An attacker could leverage this URL to redirect authorization codes, exchange them for access tokens, and call Power Platform API via a middle-tier service to obtain elevated privileges. Microsoft quickly addressed the issue by removing the identified abandoned reply URL from the Azure AD application.

Affected Products

VendorProductVersionsPlatforms
AzureCloud Services
AzurePower Platform, Azure Active Directory

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›