Knowledge Base Misconfigurations
There are three common misconfigurations that can put ServiceNow Knowledge Bases at risk:
- Running an older version of ServiceNow that allows public access by default when no User Criteria have been set up.
- Using “Any User” and “Any user for kb” User Criteria, which can grant access to unauthenticated users without administrators realizing.
- Not configuring denylists, which can allow external users to bypass access controls.
How Attackers Can Gain Access to the Knowledge Bases
Attackers can access misconfigured Knowledge Bases through Public Widgets, such as the “KB Article Page” widget, which displays content from specific articles. By using tools like Burp Suite, attackers can automate requests to find and access articles through the widget. The KB Article Page widget uses a predictable format for article IDs, making it easier for attackers to iterate over and identify exposed articles.
How to Secure Knowledge Bases Against Unauthorized Access
Run Regular Diagnostics on Knowledge Base Access Controls
ServiceNow’s User Criteria diagnostics tool helps administrators identify which users, both authenticated and unauthenticated, have access to Knowledge Bases and to individual articles. Use /get_public_knowledge_bases.do to list public Knowledge Bases and /km_diagnostics.do for the full diagnostics tool.
Use Business Rules to Deny Unauthenticated Access by Default
Activate the “sys_id 6c8ec5147711111016f35c207b5a9969” Business Rule, which adds the Guest User to the “Cannot Read and Cannot Contribute” User Criteria for Knowledge Bases.
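The following is an added example, not part of the original article or ServiceNow's own tooling: an offline audit that takes the "Can Read" and "Cannot Read" User Criteria names exported for each Knowledge Base (here a constructed sample) and flags the three misconfigurations listed at the top of this page. The criteria names "Any User" and "Any user for kb" are assumed to match the out-of-box records on a given instance.

```python
"""Offline audit of Knowledge Base User Criteria for the three misconfigurations above."""
from __future__ import annotations
from dataclasses import dataclass, field

# Assumed to match the out-of-box User Criteria names; adjust for your instance.
BROAD_CRITERIA = {"any user", "any user for kb"}


@dataclass
class KnowledgeBase:
    title: str
    can_read: list[str] = field(default_factory=list)     # "Can Read" User Criteria names
    cannot_read: list[str] = field(default_factory=list)  # "Cannot Read" User Criteria names


def audit_kb(kb: KnowledgeBase) -> list[str]:
    """Return the findings for one Knowledge Base (empty list means nothing flagged)."""
    findings: list[str] = []
    # 1. No Can Read criteria at all: older releases treat such a KB as public.
    if not kb.can_read:
        findings.append("no Can Read criteria: older instances treat this as public")
    # 2. Broad criteria that also admit unauthenticated (guest) users.
    broad = [c for c in kb.can_read if c.strip().lower() in BROAD_CRITERIA]
    if broad:
        findings.append("broad criteria grants unauthenticated read: " + ", ".join(broad))
    # 3. No denylist, so nothing blocks a guest that slips through an allow rule.
    if not kb.cannot_read:
        findings.append("no Cannot Read denylist configured")
    return findings


def audit_all(kbs: list[KnowledgeBase]) -> dict[str, list[str]]:
    """Map each Knowledge Base title to its findings."""
    return {kb.title: audit_kb(kb) for kb in kbs}


# Constructed sample (not real instance data) shaped like the exported related lists.
SAMPLE = [
    KnowledgeBase("IT Self-Service", ["Any user for kb"], []),
    KnowledgeBase("HR Policies", ["Employees"], ["Cannot Read and Cannot Contribute"]),
    KnowledgeBase("Legacy KB", [], []),
]

if __name__ == "__main__":
    for title, findings in audit_all(SAMPLE).items():
        print(title, "->", findings or ["OK"])
```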