github - ghsa-fwxm-w6rg-c4gp

GHSA-FWXM-W6RG-C4GP

Vulnerability from github – Published: 2023-04-14 21:30 – Updated: 2024-04-04 03:28

Details

There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-46886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-14T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.",
  "id": "GHSA-fwxm-w6rg-c4gp",
  "modified": "2024-04-04T03:28:49Z",
  "published": "2023-04-14T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46886"
    },
    {
      "type": "WEB",
      "url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1219857"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-46886 (GCVE-0-2022-46886)

Vulnerability from cvelistv5 – Published: 2023-04-14 00:00 – Updated: 2025-02-06 21:46

Summary

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWE

open redirect

Assigner

References

URL

Tags

https://support.servicenow.com/kb?id=kb_article_v…

Impacted products

	Vendor	Product	Version
	ServiceNow	ServiceNow	Affected: Tokyo , < Tokyo Patch 1b (custom) Affected: San Diego , < San Diego Patch 7b (custom) Affected: Rome , < Rome Patch 10 Hotfix 2b (custom) Affected: Quebec , < Quebec Patch 10 Hotfix 10b (custom)

Credits

theamanrawat

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:39:38.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1219857"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-46886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T21:46:23.163978Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-601",
                "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T21:46:36.801Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ServiceNow",
          "vendor": "ServiceNow",
          "versions": [
            {
              "changes": [
                {
                  "at": "Tokyo Patch 3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "Tokyo Patch 1b",
              "status": "affected",
              "version": "Tokyo",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "San Diego Patch 9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "San Diego Patch 7b",
              "status": "affected",
              "version": "San Diego",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "Rome Patch 10 Hotfix 3b",
                  "status": "unaffected"
                }
              ],
              "lessThan": "Rome Patch 10 Hotfix 2b",
              "status": "affected",
              "version": "Rome",
              "versionType": "custom"
            },
            {
              "lessThan": "Quebec Patch 10 Hotfix 10b",
              "status": "affected",
              "version": "Quebec",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "theamanrawat"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.\u003c/p\u003e"
            }
          ],
          "value": "There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.\n\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSuccessful exploitation of this vulnerability potentially could be used to facilitate targeted attacks such as phishing.  This may enable attackers to redirect authenticated users to domains the attackers control and cause the disclosure of sensitive information, like login credentials.\u003c/p\u003e"
            }
          ],
          "value": "Successful exploitation of this vulnerability potentially could be used to facilitate targeted attacks such as phishing.  This may enable attackers to redirect authenticated users to domains the attackers control and cause the disclosure of sensitive information, like login credentials.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "open redirect",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-17T21:53:31.401Z",
        "orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
        "shortName": "SN"
      },
      "references": [
        {
          "url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1219857"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
    "assignerShortName": "SN",
    "cveId": "CVE-2022-46886",
    "datePublished": "2023-04-14T00:00:00.000Z",
    "dateReserved": "2022-12-09T00:00:00.000Z",
    "dateUpdated": "2025-02-06T21:46:36.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-FWXM-W6RG-C4GP

CVE-2022-46886 (GCVE-0-2022-46886)

Tags

Sightings

Nomenclature