Tainan Branch, Administrative Enforcement Agency, Ministry of Justice
OneDrive Gives Web Apps Full Read Access to All Files

Last updated: 2025-06-26

Excessive permissions and an ambiguous consent dialog can give web apps that upload files to OneDrive read access to all of a user's files rather than just the files concerned.

The issue stems from OneDrive's OAuth scopes not being sufficiently fine-grained: OneDrive's File Picker requests read access to all of the user's files rather than only the file or files currently being uploaded. It is compounded by consent dialogs that are not as clear as they could be, making it easy for users to click through without realizing what access they are granting to a third-party app.

The problem is described by Elad Luz, research lead at Oasis Security. “In simple terms,” explains the researcher, “any web application that uses the OneDrive File Picker has access not just to the file you select to upload / download, but to your entire OneDrive. Even worse, this access might persist after the file upload is complete.” It is a classic violation of the least privilege principle.

Luz names five widely used web apps that are affected: ChatGPT, Slack, Trello, Zoom and ClickUp, but estimates that hundreds of other apps are affected as well. Oasis reported its concerns to Microsoft, which “took note of the report and may consider improvements in the future.” Luz also notes that other cloud providers offer finer-grained choices.

“Google Drive,” for example, “offers a fine-grained [OAuth] scope for web applications, allowing them access only to files that the app has created or those that have been explicitly shared with it.”

And “Dropbox offers a file picker solution through its Chooser SDK, which does not rely on a typical OAuth flow. Instead, it uses a proprietary endpoint where it passes the app key to retrieve the selected files.” This minimizes the need for broad permissions and avoids unnecessary exposure of user data.

This is not a bug in Microsoft’s implementation of OAuth, although it could be called a misconfiguration, and it does increase the attack surface. Jason Soroko, senior fellow at Sectigo, comments: “The read/write scope, together with the consent dialog, do not convey that a click grants the integrator a door into every file and folder in the user’s OneDrive, not just the document they meant to share.”

Furthermore, he continues, “Once issued, those long-lived tokens are often cached in localStorage or back-end DBs without encryption. Therefore, any token theft allows attackers to trawl an entire tenant’s data.”
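The two findings above, the over-broad scope requested at consent time and the tokens later left in browser storage, are both things a security reviewer can check for when assessing a file-picker integration. The following is an added example written for this page, not code from the article, Oasis Security, Microsoft or any vendor. It audits the `scope` parameter of an OAuth authorization URL against a small catalogue of delegated scopes (the Microsoft Graph and Google Drive scope names are real; which scope a particular picker actually requests is an assumption to confirm against the real consent screen or a network trace), and it scans a localStorage-like object for values that look like bearer tokens. The client IDs and token values are constructed placeholders.

```javascript
// Added example: reviewer-side checks for a cloud-storage file-picker integration.
// Not code from the article, Oasis Security, Microsoft or Google. Scope names are
// real delegated scopes; the "reach" labels are this example's own classification.

const SCOPE_CATALOGUE = {
  // Microsoft Graph delegated file scopes
  "Files.Read":                { provider: "microsoft", reach: "all-user-files",        write: false },
  "Files.ReadWrite":           { provider: "microsoft", reach: "all-user-files",        write: true  },
  "Files.Read.All":            { provider: "microsoft", reach: "all-files-incl-shared", write: false },
  "Files.ReadWrite.All":       { provider: "microsoft", reach: "all-files-incl-shared", write: true  },
  "Files.ReadWrite.AppFolder": { provider: "microsoft", reach: "app-folder-only",       write: true  },
  // Google Drive scopes; drive.file is the per-file scope the article refers to
  "https://www.googleapis.com/auth/drive":          { provider: "google", reach: "all-user-files", write: true  },
  "https://www.googleapis.com/auth/drive.readonly": { provider: "google", reach: "all-user-files", write: false },
  "https://www.googleapis.com/auth/drive.file":     { provider: "google", reach: "app-files-only", write: true  },
};

// Scopes whose reach stays within what the app itself created or the user picked.
const LEAST_PRIVILEGE_REACH = new Set(["app-folder-only", "app-files-only"]);
// Identity scopes grant no file access and are reported separately.
const IDENTITY_SCOPES = new Set(["openid", "profile", "email"]);

// Parse the authorization URL and classify every requested scope.
function auditAuthorizeUrl(urlString) {
  const url = new URL(urlString);
  const raw = url.searchParams.get("scope") || "";
  const scopes = raw.split(/\s+/).filter(Boolean);
  const result = {
    scopes, broad: [], leastPrivilege: [], identity: [], unknown: [],
    refreshTokens: false,          // offline_access means long-lived refresh tokens
    verdict: "least-privilege",
  };
  for (const s of scopes) {
    if (s === "offline_access") { result.refreshTokens = true; continue; }
    if (IDENTITY_SCOPES.has(s)) { result.identity.push(s); continue; }
    const entry = SCOPE_CATALOGUE[s];
    if (!entry) { result.unknown.push(s); continue; }
    if (LEAST_PRIVILEGE_REACH.has(entry.reach)) result.leastPrivilege.push(s);
    else result.broad.push(s);
  }
  if (result.broad.length > 0) result.verdict = "broad";
  else if (result.unknown.length > 0) result.verdict = "review";
  return result;
}

// Three base64url segments separated by dots; "eyJ" is base64 for '{"'.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

// storage: any object with string keys, e.g. a snapshot taken with {...window.localStorage}.
function findTokenLikeValues(storage) {
  const findings = [];
  for (const [key, value] of Object.entries(storage)) {
    if (typeof value !== "string") continue;
    const reasons = [];
    if (/token/i.test(key)) reasons.push("key name suggests a credential");
    if (value.startsWith("eyJ") && JWT_SHAPE.test(value)) reasons.push("value is JWT-shaped");
    if (reasons.length > 0) findings.push({ key, reasons });
  }
  return findings;
}

// Constructed sample: placeholder client_id, scopes chosen to show a broad request.
const SAMPLE_AUTHORIZE_URL =
  "https://login.microsoftonline.com/common/oauth2/v2.0/authorize" +
  "?client_id=00000000-0000-0000-0000-000000000000&response_type=code" +
  "&scope=openid%20Files.Read.All%20offline_access";

// Constructed sample of a localStorage snapshot with a JWT-shaped placeholder value.
const SAMPLE_STORAGE = {
  ms_access_token: "eyJhbGciOiJSUzI1NiJ9.eyJzY3AiOiJGaWxlcy5SZWFkLkFsbCJ9.c2ln",
  theme: "dark",
};

console.log(auditAuthorizeUrl(SAMPLE_AUTHORIZE_URL));
console.log(findTokenLikeValues(SAMPLE_STORAGE));
```

Run with `node` and read the two objects it prints: a verdict of `broad` together with `refreshTokens: true` is the combination the article warns about, since the app can read everything the user can and keep doing so after the upload is finished. A `review` verdict only means a scope is missing from the catalogue, which is deliberately short; extend it with the scopes your own integrations use.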
