If you use OneDrive to upload files to ChatGPT or Zoom, don’t

Using Microsoft OneDrive to upload a file to ChatGPT, Slack, or Zoom could lead to a user handing over access to more than just that one file.

According to an Oasis Security research, applications using Microsoft’s official OneDrive File Picker may get full read access to a OneDrive account in addition to write access, in certain circumstances.

“The core issue here is with Microsoft’s OneDrive File Picker, which requests broad access to a user’s entire OneDrive –even when the user is just trying to upload a single file,” said Vijay Dilwale, principal security consultant at Black Duck. “The user experience makes it seem like only the selected file is being shared, but in reality, the app often gets full read (and sometimes write) access to everything.”

OneDrive File Picker is a Microsoft-provided tool that lets websites and web apps integrate with a user’s OneDrive account to allow uploading, browsing, and selecting OneDrive files directly from the app.

An over-privileged OAuth trap

This broad access stems from a limitation in Microsoft’s OAuth implementation within File Picker that researchers described as “a lack of fine-grained permissions scopes.”

Jason Soroko, senior fellow at Sectigo, calls the oversight an over-privileged OAuth trap. “Microsoft’s OneDrive File Picker encourages third-party web apps to request broad files,” he said. “Once issued, those long-lived tokens are often cached in localStorage or back-end databases without any encryption, potentially allowing attackers to trawl an entire tenant’s data.”

OneDrive File Picker’s OAuth implementation requests broad scopes, instead of fine-grained, file-level scopes, allowing users and developers to restrict access to only the files explicitly selected.

According to Oasis, all versions of the OneDrive File Picker request permissions that allow them to read the user’s entire OneDrive drive for the “upload” process and write to anywhere on the drive for the “download” process.

However, version 7.0 of the File Picker in specific requests both read and write permissions for the upload process.

“The lack of fine-grained scopes for the file picker use case makes it impossible for users to distinguish between malicious apps that target all your files and legit apps that ask for excessive permissions just because there is no other secure option,” researchers said in a blog post.

Web app vendors aren’t off the hook

This could be bad news for security teams, according to Eric Schwake, director of cybersecurity strategy at Salt Security. “Sensitive secrets required for this access are often stored in an insecure manner by default,” Schwake said. “This situation presents a key API security challenge for security teams, and with services like ChatGPT heavily depending on APIs to access and handle user data, this poses an even greater risk.”

A third-party web application ending up with “unintentional” user data owing to this situation becomes a target for threat actors and could potentially run afoul of compliance rules just by having that level of access.

Oasis notes that apps such as ChatGPT (uses File Picker v8.0), ClickUp, Trello, Zoom, and Slack are potentially affected. Even apps like Phenome, a recruitment tool, could unintentionally expose confidential files if users upload resumes from corporate accounts.

“Vendors developing Web apps are at risk, as security incidents could result in severe consequences, leaking a lot of files from a lot of their users,” Oasis researchers noted.

Certain steps are key while Microsoft looks into the issue

Oasis reported that it had contacted Microsoft, which acknowledged the report and indicated that it may consider making improvements in the future.

Microsoft did not respond to queries about the issue.

In the meantime, Oasis recommended a few mitigation steps for web apps, which include removing the file upload option using OneDrive through OAuth until Microsoft fixes it, and exploring simpler workarounds like supporting shared “view only” file links from OneDrive.

Oasis also noted that File Picker solutions on other file hosting services such as Google Drive and Dropbox can be used as an alternative too as they don’t suffer from this issue.

“Users should assume that every SaaS plug-in they authorize has the keys to their personal or enterprise crown jewels unless proven otherwise,” Soroko said. “Security teams should enforce ‘admin consent’ or conditional-access policies that block apps requesting anything beyond Files.Read.” Schwake added that stronger API governance to ensure all API permissions are meticulously managed, which includes sticking to least privilege and secure handling of tokens, is necessary for avoiding extensive data exposure.