Potential Data Leak Risk in Employee Relations Plugin
06-19-2024 07:56 PM
Attention all ServiceNow users leveraging the Employee Relations plugin!
We've identified a potential data leak risk that could compromise sensitive information. While the Employee Relations plugin restricts access to Evidence records based on the associated ER case permissions, a critical vulnerability exists.
Here's the issue:
- When you attach files to Evidence records, these files are accessible to Admin users who may not have access to the corresponding ER case.
- This means that sensitive information related to confidential cases could potentially be exposed to unauthorized personnel.
We will report this issue to Now Support and encourage you to share this information with your colleagues and work together to ensure the security of your ServiceNow instance.
05-06-2025 06:52 PM
Hi, this is fixed on the Yokohama instance.
Here is the KB link; PRB1779170 is the issue:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1710869