A newly-discovered security flaw in OneDrive’s File Picker feature could expose users’ entire OneDrive content to third-party web applications such as ChatGPT.
The vulnerability, discovered by Oasis Security, allows websites to access a user’s entire OneDrive content, rather than just the specific files selected for upload via the File Picker feature.
Researchers said they believe that hundreds of apps are affected, including ChatGPT, Slack, Trello, and ClickUp – meaning millions of users may already have fallen victim.
The study warned this could lead to serious consequences, including customer data leakage and violation of compliance regulations.
“The official OneDrive File Picker implementation requests read access to the entire drive – even when uploading just a single file – due to the lack of fine-grained OAuth scopes for OneDrive,” the researchers warned.
“While users are prompted to provide consent before completing an upload, the prompt’s vague and unclear language does not communicate the level of access being granted, leaving users open to unexpected security risks.”
This, they said, makes it impossible for users to distinguish between malicious apps that target all files and legitimate apps that ask for extensive permissions simply because there is no other secure option.
Meanwhile, researchers found sensitive secrets used for this access are often stored insecurely by default.
The latest version of OneDrive File Picker – 8.0 – requires developers to handle authentication themselves, typically using the Microsoft Authentication Library (MSAL) and most likely using the Authorization Flow.
However, MSAL stores sensitive tokens in the browser’s session storage in plain text, while with Authorization Flows a Refresh Token may also be issued, lengthening ongoing access to the user’s data.
Notably, OpenAI uses version 8.0 – meaning that ChatGPT could have full read access to users’ entire OneDrive.
How to approach the OneDrive File Picker flaw
Organizations should navigate to the list of enterprise applications in the Entra Admin Center, Oasis advised, and check the permissions granted to each app.
In the case of web apps, if possible they should temporarily remove the option to upload files using OneDrive through OAuth until Microsoft provides a secure alternative.
“Many people forget how vital the data in their OneDrive folders often is – scanned documents that end up in the ‘My Pictures’ or ‘My Documents’ folders may hold the key to one’s credit identity and profile,” cautioned Jamie Boote, associate principal consultant at Black Duck.
“Private medical or banking records may get shuffled in and forgotten about, and private photos that were taken by accident synced from your phone to your computer can all silently file into your OneDrive-enabled folders. Whenever an app asks if you trust it, you’re trusting it with your most precious data.”
Oasis said it had reported the flaw to Microsoft and advised vendors using OneDrive File Picker of the issue. Microsoft, it said, is considering tighter alignment between what OneDrive File Picker does and the access it requires.
