SNOW-24.1: Agent API Endpoint Without OAuth Scope Validation
🔴 High · ServiceNow API Authentication
Detects Scripted REST APIs and Now Assist API endpoints accessible to AI agents that lack OAuth entity scope validation. Without scope constraints, any OAuth client can invoke agent-specific endpoints.
Details
| Field | Value |
|---|---|
| Rule ID | SNOW-24.1 |
| Severity | High |
| Category | ServiceNow API Authentication |
| Platforms | servicenow |
Remediation
Refer to the SquireX documentation for remediation guidance specific to SNOW-24.1.