A new report from Oasis Security reveals a critical security flaw in Microsoft's OneDrive File Picker, exposing users to significant data privacy and access control risks. The issue stems from over-permissioned OAuth scopes, which give third-party applications broad access to a user's entire OneDrive, even when only a single file is intended for upload.
This vulnerability affects a wide range of commonly used apps, including Slack, ChatGPT, Trello, and ClickUp, and highlights broader concerns in API security, token handling, and user consent design.
Misleading consent and broad OAuth access
At the core of the problem is a deceptive user experience. While users believe they are granting access to a single file, the File Picker integration often enables the application to read, or even modify, the entirety of the user's OneDrive content.
"It's a classic case of over-permissioned OAuth scopes combined with a misleading consent flow," says Vijay Dilwale, Principal Security Consultant at Black Duck. "This design creates unnecessary exposure for both individuals and organizations, especially when third-party apps are involved."
Once these permissions are granted, access tokens remain active for at least one hour and can be refreshed for extended sessions. This creates a window of risk not just for the file shared, but for everything stored in the user's drive.
Insecure token storage and API access risk
Beyond permissions, the report also highlights insecure token storage practices. Older versions of the OneDrive File Picker (6.0 through 7.2) stored access tokens in browser localStorage or exposed them via URL fragments. Even the latest version (8.0) stores tokens in sessionStorage in plain text, creating a potential exploit vector.
"This is a major API security challenge," says Eric Schwake, Director of Cybersecurity Strategy at Salt Security. "Broad access is allowed without clear user awareness, as consent language is vague. With Agentic AI systems like ChatGPT relying on APIs to handle user data, wide-ranging access poses an even greater risk."
These findings underscore the need for secure API design and rigorous token governance, especially in environments where third-party applications handle sensitive data.
Enterprise recommendations for reducing risk
For enterprise security teams, this flaw provides a timely opportunity to reassess how cloud storage integrations are managed across the organization.
"Security teams should enforce admin consent or conditional access policies to block apps requesting anything beyond Files.Read," says Jason Soroko, Senior Fellow at Sectigo. "They should also audit app registrations, disable high-risk scopes, and re-authorize applications using the least-privilege alternatives."
Soroko also recommends enabling Continuous Access Evaluation in Entra ID, requiring short-lived tokens, and monitoring Graph API logs for unusual OneDrive access patterns, especially in multi-tenant environments where token reuse could expose large volumes of data.
Rethinking trust and data exposure
This vulnerability is also a reminder of how easily users may misjudge what they are agreeing to. The act of clicking "Accept" on a consent screen often comes without full awareness of the data being shared or the long-term implications of that decision.
"Good cybersecurity hygiene isn't just about keeping bad actors out," says Jamie Boote, Associate Principal Security Consultant at Black Duck. "It's about making more intelligent decisions about who you let in—and how far in they can get."
Boote warns that many users don't realize how sensitive the data in their OneDrive accounts may be: scanned IDs, tax documents, medical records, synced photos, and banking info often reside in these folders by default. Granting full drive access, even unintentionally, could expose this information to risk of theft or misuse.
What end-users, developers, and organizations can do
For end-users:
For organizations:
-
Use Entra Admin Center to audit app scopes.
-
Require admin consent for third-party app access.
-
Enable token protection and configure short token lifetimes.
For developers:
-
Avoid requesting refresh tokens or Files.ReadWrite.All scopes unless absolutely necessary.
-
Store access tokens securely (encrypted and short-lived).
-
Implement file-scoped permissions where supported by Microsoft Graph.
Microsoft's response
Microsoft has acknowledged the issue and is reportedly evaluating changes to better align File Picker behavior with user expectations and least-privilege design. No patch or official fix has been released, but security professionals continue to call for more granular OAuth scopes and more precise user consent language across Microsoft 365 integrations.
To learn more, read the complete research from Oasis Security: ChatGPT & other web apps may have full read access to your entire OneDrive.
Follow SecureWorld News for more stories related to cybersecurity.
