A report by Oasis Security Ltd. highlights critical security issues in Microsoft's OneDrive File Picker, exposing users' entire OneDrive content to third-party web apps.
The flaws stem from excessive permissions granted through OAuth consent: an app ends up with access to all of a user's OneDrive content rather than only the files selected in the picker.
The lack of fine-grained scopes in the OneDrive File Picker creates a risk of unauthorized access to sensitive content, affecting hundreds of apps and potentially millions of users.
Security experts recommend enforcing admin consent policies, reviewing app registrations for high-risk scopes, and using token protection measures to mitigate the security risks associated with overpermissioning in OneDrive File Picker.
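One practical form of the "review app registrations for high-risk scopes" recommendation is a script that walks the tenant's consent grants and flags any app holding a drive-wide file scope instead of a selection-limited one. The following is an added example written for this page, not code from Oasis Security, Microsoft or the report. It runs offline on a constructed list of grant records; the record shape (clientId, consentType, scope) is modelled on Microsoft Graph oauth2PermissionGrant objects but is an assumption, and every app name and id is made up. The permission names themselves (Files.ReadWrite.All, Files.Read.Selected, and so on) are real Microsoft Graph delegated permissions; treating the `.All` family as high-risk for a file-picker integration is the judgement this example encodes.

```python
"""Flag OAuth consent grants whose delegated scopes give an app drive- or
tenant-wide file access rather than access to the files a user picked.

Added example, not code from Oasis Security or Microsoft. Input records are
constructed to resemble Microsoft Graph oauth2PermissionGrant objects
(clientId, consentType, scope); those field names are an assumption and the
app names and ids are invented.
"""
import json

# Delegated Microsoft Graph file permissions that cover every file the user
# can reach, not just selected ones. Names are real Graph permission names;
# classifying them as high-risk for a picker integration is our choice.
BROAD_FILE_SCOPES = {
    "Files.Read.All",
    "Files.ReadWrite.All",
    "Sites.Read.All",
    "Sites.ReadWrite.All",
}

# Narrower file scopes that limit the app to user-selected files or to an
# app-specific folder.
NARROW_FILE_SCOPES = {
    "Files.Read.Selected",
    "Files.ReadWrite.Selected",
    "Files.ReadWrite.AppFolder",
}

# Constructed sample, modelled on oauth2PermissionGrant records.
SAMPLE_GRANTS_JSON = """
[
  {"clientId": "app-picker-a", "displayName": "Picker Integration A",
   "consentType": "AllPrincipals", "principalId": null,
   "scope": "openid profile Files.ReadWrite.All offline_access"},
  {"clientId": "app-picker-b", "displayName": "Picker Integration B",
   "consentType": "Principal", "principalId": "user-1",
   "scope": "openid Files.Read.Selected"},
  {"clientId": "app-notes", "displayName": "Notes Sync",
   "consentType": "Principal", "principalId": "user-2",
   "scope": "Files.ReadWrite.AppFolder User.Read"},
  {"clientId": "app-crm", "displayName": "CRM Connector",
   "consentType": "AllPrincipals", "principalId": null,
   "scope": "Sites.Read.All Files.Read.All"}
]
"""


def classify_scope(scope: str) -> str:
    """Return 'broad', 'narrow' or 'other' for one delegated scope name."""
    if scope in BROAD_FILE_SCOPES:
        return "broad"
    if scope in NARROW_FILE_SCOPES:
        return "narrow"
    return "other"


def load_grants(text: str) -> list:
    """Parse a JSON array of grant records."""
    return json.loads(text)


def find_overbroad_grants(grants: list) -> list:
    """Return one finding per grant that carries a broad file scope.

    A finding records the client, the offending scopes and a severity:
    'high' when the grant is tenant-wide (consentType AllPrincipals, i.e.
    admin consent on behalf of every user), 'medium' when a single user
    consented for themselves only.
    """
    findings = []
    for grant in grants:
        scopes = grant.get("scope", "").split()
        broad = sorted(s for s in scopes if classify_scope(s) == "broad")
        if not broad:
            continue
        tenant_wide = grant.get("consentType") == "AllPrincipals"
        findings.append({
            "clientId": grant["clientId"],
            "displayName": grant.get("displayName", ""),
            "broadScopes": broad,
            "severity": "high" if tenant_wide else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_overbroad_grants(load_grants(SAMPLE_GRANTS_JSON)):
        print(f"[{f['severity']}] {f['clientId']} ({f['displayName']}): "
              + ", ".join(f["broadScopes"]))
```

On the constructed sample the two picker-style apps split as the report describes: the one holding Files.ReadWrite.All is flagged (high, because it was consented tenant-wide), while the one holding Files.Read.Selected is not. In a real review the grant list would come from the tenant's directory export rather than the inline JSON, and the tenant-wide findings are the ones to route into an admin consent policy decision first.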