SNOW-28.1: ACL Script Using GlideRecord (Recursive Bypass)
๐จ Critical ยท ServiceNow ACL
Detects GlideRecord usage in ACL scripts and agent-facing tool scripts. GlideRecord bypasses ACL checks entirely. In ACL scripts this creates a recursive bypass; in agent tools it grants unrestricted database access regardless of Role Masking.
Detailsโ
| Field | Value |
|---|---|
| Rule ID | SNOW-28.1 |
| Severity | Critical |
| Category | ServiceNow ACL |
| Platforms | servicenow |
| Compliance | SOC2_CC6, NIST_AI_RMF |
Remediationโ
Refer to the SquireX documentation for
remediation guidance specific to SNOW-28.1.