ServiceNow thanks AppOmni for reporting an issue with Knowledge Bases and working with us to improve our customers’ security. ServiceNow is committed to fostering collaboration with the security community, and we appreciate AppOmni’s continued partnership and coordinated disclosure.
ServiceNow has published KB1123580 to provide our customers guidance on how to configure their instances to prevent unauthenticated access to Knowledge Base Articles. ServiceNow has also communicated to customers who we have identified as likely being misconfigured referencing this guidance.
For more information, please reference AppOmni’s blog post by Aaron Costello, Chief of SaaS Security Research: https://appomni.com/ao-labs/servicenow-knowledge-bases-data-exposures-uncovered/
