News OneDrive Flaw Provides Apps Full Read Access to Users’ Entire OneDrive

[ibose]

OneDrive File Picker OAuth Flaw Exposes Full Drive Access

Oasis Security reveals a OneDrive File Picker flaw allowing full drive read access via OAuth, affecting apps like ChatGPT, Slack, Trello, and ClickUp.

www.oasis.security

For those who use OneDrive, the flaw is in the file picker; mitigation steps are included.

 

[iamX]

Thanks for sharing, I guess there will always some security vulnerability or the other. Another reason to stick with known GPT and AI solutions.

 

[ibose]

Another reason to stick with known GPT and AI solutions.

Not sure how this will help when the vulnerability is in Onedrive

 

[iamX]

Not sure how this will help when the vulnerability is in Onedrive

I meant I'd hope for ChatGPT and Gemini to not take advantage of that vulnerability unlike a Chinese AI/App. Or maybe it's just hoping against hope.

 

[bruhhh123]

might be a stupid question, but most corporates use microsoft services and onedrive. So does this mean most of this dsta is compromised?

 

[ibose]

might be a stupid question, but most corporates use microsoft services and onedrive. So does this mean most of this dsta is compromised?

It would be locked down for internal usage only and to prevent access to third party apps and services.