Microsoft on Friday disclosed that it has addressed a critical security flaw impacting Power Platform, but not before it came under criticism for its failure to swiftly act on it.
“The vulnerability could lead to unauthorized access to Custom Code functions used for Power Platform custom connectors,” the tech giant said. “The potential impact could be unintended information disclosure if secrets or other sensitive information were embedded in the Custom Code function.”
The company further noted that no customer action is required and that it found no evidence of active exploitation of the vulnerability in the wild.
Tenable, which initially discovered and reported the shortcoming to Redmond on March 30, 2023, said the problem could enable limited, unauthorized access to cross-tenant applications and sensitive data.
images from Hacker News