GHSA-535G-62R7-CX6V

Vulnerability from github – Published: 2025-10-21 21:46 – Updated: 2025-10-22 19:45
VLAI?
Summary
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
Details

The servicenow config URL is using a generic django View with no authentication.

URL: /plugins/ssot/servicenow/config/

Impact

What kind of vulnerability is it? Who is impacted? An Unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the Secret Name, or the Secret Value for the Username/Password for Service-Now.com. An unauthenticated member would not be able to change the instance name, nor set a Secret. There is not a way to gain access to other pages Nautobot through the unauthenticated Configuration page.

Patches

Has the problem been patched? What versions should users upgrade to? We highly recommend upgrading to SSoT v3.10.0 which includes this patch.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading? Disable the servicenow SSoT integration

Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "nautobot-ssot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-62607"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-21T21:46:35Z",
    "nvd_published_at": "2025-10-22T16:15:45Z",
    "severity": "MODERATE"
  },
  "details": "The servicenow config URL is using a generic django View with no authentication.\n\nURL: `/plugins/ssot/servicenow/config/`\n\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\nAn Unauthenticated attacker could access this page to view the Service Now public instance name e.g. `companyname.service-now.com`. This is considered **low-value information**.  This does not expose the Secret, the Secret Name, or the Secret Value for the Username/Password for Service-Now.com. An unauthenticated member would not be able to change the instance name, nor set a Secret. There is not a way to gain access to other pages Nautobot through the unauthenticated Configuration page.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\nWe highly recommend upgrading to SSoT v3.10.0 which includes this patch.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\nDisable the servicenow SSoT integration",
  "id": "GHSA-535g-62r7-cx6v",
  "modified": "2025-10-22T19:45:46Z",
  "published": "2025-10-21T21:46:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nautobot/nautobot-app-ssot/security/advisories/GHSA-535g-62r7-cx6v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62607"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nautobot/nautobot-app-ssot/commit/1530d25cdeb929641ec47644f9a0a1d9d41e1cb8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nautobot/nautobot-app-ssot"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nautobot/nautobot-app-ssot/releases/tag/v3.10.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.