Researchers Discover Flaw in Microsoft OneDrive File Picker

Cybersecurity researchers have discovered a vulnerability in the file picker of Microsoft OneDrive. This vulnerability allows websites to access the entire content of a user's cloud storage, instead of being limited to the files selected for upload. The flaw is due to overly broad OAuth scopes and misleading consent screens that do not clearly specify the extent of the access granted.