Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
Cybersecurity researchers have discovered a security flaw in Microsoft’s OneDrive File Picker that, if successfully exploited, could allow websites to access a user’s entire cloud storage content, as opposed to just the files selected for upload via the tool.
"This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,"
https://thehackernews.com/2025/05/microsoft-onedrive-file-picker-flaw.html