Cybersecurity analysts have identified a security vulnerability in Microsoft’s OneDrive File Picker that, if effectively taken advantage of, could permit websites to retrieve a user’s complete cloud storage contents, rather than merely the files chosen for upload through the application.
“This arises from excessively expansive OAuth permissions and deceptive consent interfaces that do not adequately clarify the level of access being permitted,