AI News CN (Telegram) - English Translation

Microsoft OneDrive file picker exposes a serious security vulnerability: uploading a single file can obtain full cloud disk permissions

The security research team at Oasis Security has disclosed that the Microsoft OneDrive file picker combines an overly broad OAuth permission scope with a misleading consent prompt. As a result, any website or application that integrates the picker is granted access to the user's entire OneDrive, even when the user selected only a single file to upload. The issue affects many applications that integrate OneDrive, including ChatGPT, Slack, Trello and ClickUp.

The root cause is the absence of fine-grained OAuth scopes for OneDrive: the picker can only request read access to the user's whole drive, and the consent pop-up is so vague that users are unlikely to realize what they are actually granting. The report also notes that access tokens are typically stored in plaintext in the browser's session storage, where they can be stolen, and that the refresh-token mechanism lets an application keep accessing the user's data long after the upload has finished, widening the exposure further.

Microsoft has acknowledged the issue but has not fixed it yet. The researchers recommend temporarily disabling OneDrive uploads via OAuth, or at least avoiding refresh tokens, storing access tokens securely, and discarding them as soon as the upload is done.
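As an added example (not code from the Oasis report, from the affected applications, or from Microsoft), the following JavaScript shows two checks a web developer can run in the browser devtools console or in Node against an app that embeds the OneDrive picker: decode the delegated access token to see which Microsoft Graph scopes it really carries, and scan web storage for access or refresh tokens kept in plaintext. The list of drive-wide scopes, the storage key names and the sample token are assumptions and constructed data, not values taken from the report.

```javascript
// Added example, not code from the Oasis report or from Microsoft.
// Audit helpers for a web app that embeds the OneDrive picker: decode the
// delegated access token to see which Graph scopes it really carries, and scan
// web storage for tokens kept in plaintext. Scope names, storage keys and the
// sample token are assumptions / constructed data, not values from the report.

// Assumed list of Graph delegated scopes that cover the user's whole drive
// (or every site the user can reach) rather than the one file that was picked.
const DRIVE_WIDE_SCOPE = /^(Files|Sites)\.(Read|ReadWrite)(\.All)?$/;

function base64UrlEncode(text) {
  const bytes = new TextEncoder().encode(text);
  const b64 = typeof Buffer !== "undefined"
    ? Buffer.from(bytes).toString("base64")
    : btoa(String.fromCharCode(...bytes));
  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function base64UrlDecode(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/").padEnd(Math.ceil(s.length / 4) * 4, "=");
  if (typeof Buffer !== "undefined") return Buffer.from(b64, "base64").toString("utf8");
  return new TextDecoder().decode(Uint8Array.from(atob(b64), (c) => c.charCodeAt(0)));
}

function looksLikeJwt(value) {
  return typeof value === "string" &&
    /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/.test(value);
}

// Decodes the payload only; the signature is deliberately NOT verified.
// This is for auditing what a token grants, never for accepting it.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  return JSON.parse(base64UrlDecode(parts[1]));
}

function auditTokenScopes(token) {
  const payload = decodeJwtPayload(token);
  // Delegated Graph tokens list the granted scopes space-separated in `scp`.
  const scopes = (payload.scp || "").split(/\s+/).filter(Boolean);
  const driveWide = scopes.filter((s) => DRIVE_WIDE_SCOPE.test(s));
  return {
    scopes,
    driveWide,
    overBroad: driveWide.length > 0,
    expiresAt: typeof payload.exp === "number" ? new Date(payload.exp * 1000).toISOString() : null,
  };
}

// Walks a Web Storage object (localStorage / sessionStorage) or a plain object
// and reports entries holding a bearer or refresh token in plaintext.
function findPlaintextTokens(storage) {
  const isWebStorage = typeof storage.getItem === "function" && typeof storage.key === "function";
  const keys = isWebStorage
    ? Array.from({ length: storage.length }, (_, i) => storage.key(i))
    : Object.keys(storage);
  const findings = [];
  for (const key of keys) {
    const value = isWebStorage ? storage.getItem(key) : storage[key];
    if (looksLikeJwt(value)) {
      try {
        findings.push({ key, kind: "access_token", ...auditTokenScopes(value) });
      } catch (e) {
        findings.push({ key, kind: "unparseable_jwt", error: String(e.message) });
      }
    } else if (/refresh/i.test(key) && typeof value === "string" && value.length > 20) {
      findings.push({ key, kind: "refresh_token" });
    }
  }
  return findings;
}

// Constructed sample: an unsigned token (empty signature part) shaped like a
// delegated Graph token, plus a refresh token, both kept in plaintext storage.
function makeUnsignedToken(payload) {
  const enc = (obj) => base64UrlEncode(JSON.stringify(obj));
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.`;
}

const SAMPLE_STORAGE = {
  "onedrive.access_token": makeUnsignedToken({
    aud: "https://graph.microsoft.com",
    scp: "Files.ReadWrite.All openid profile",
    exp: 1700003600,
  }),
  "onedrive.refresh_token": "0.AXoA" + "x".repeat(64),
  "theme": "dark",
};

// When run as a script: the access token is reported as over-broad
// (Files.ReadWrite.All) and the refresh token as a long-lived secret.
console.log(JSON.stringify(findPlaintextTokens(SAMPLE_STORAGE), null, 2));
```

In a real page, pass `window.sessionStorage` or `window.localStorage` to `findPlaintextTokens`; any `access_token` finding with `overBroad: true`, and any `refresh_token` finding at all, is exactly the exposure the report describes, and the `expiresAt` value tells you how long a stolen token stays usable if it is not revoked or discarded after the upload.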

The Hacker News


via Tech Circle🎗 Zaihua Channel📮 - Telegram Channel
