Locations are not being shown correctly for a finding
Incident Report for Fluid Attacks
Postmortem

Impact

At least one user found that the locations view showed only the first 100 vulnerable locations. The issue started on UTC-5 23-09-14 14:43 and was reactively discovered 1.9 hours (TTD) later by a user who reported through our help desk [1] that he logged into the location view of one of his findings and could only see the first 100 vulnerabilities when in fact he had more. The problem was resolved in 18 hours (TTF) resulting in a total impact of 19.9 hours (TTR).

Cause

The locations are loaded from the db in pages of 100 units at a time, each location has a field with the name advisories, which in turn contains a field with the name cve. This last one must be stored with the list type. However, there were punctual situations in which the field was of string type, so a typing error stopped the loading, and only the pages loaded before it was shown.

Solution

A casting was performed to transform the cve field from string type to list type [2], and a migration was performed to fix the data fields' typing in the database [3].

Conclusion

The incorrectly typed data was introduced when performing a migration to populate locations in the database. This type of migration is critical and should be controlled with an accurate peer review, however, on this occasion, the error was not detected before going to production. INCOMPLETE_PERSPECTIVE

Posted Sep 15, 2023 - 18:30 GMT-05:00
Resolved
The team has made a fix and it is evident that all vulnerabilities are now visible.
Posted Sep 15, 2023 - 17:12 GMT-05:00
Identified
Groups have been found in which only 100 vulnerabilities are being uploaded when in reality there are more.
Posted Sep 15, 2023 - 13:58 GMT-05:00
This incident affected: Platform.
Current Status Powered by Atlassian Statuspage