Locations are not being shown correctly for a finding
Incident Report for Fluid Attacks
Postmortem

Impact

At least one user found that the locations view showed only the first 100 vulnerable locations. The incident was detected reactively: a user reported through our help desk [1] that, on opening the locations view of one of his findings, he could see only the first 100 vulnerabilities when in fact he had more.

Cause

Locations are loaded from the database in pages of 100 at a time. Each location has a field named advisories, which in turn contains a field named cve. The latter must be stored as a list; however, in isolated cases the field was stored as a string, so loading stopped with a type error and only the pages loaded before it were shown.

Solution

A cast was added to convert the cve field from string type to list type [2], and a migration was performed to fix the typing of the data fields stored in the database [3].
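
The failure mode and the cast described above, as an added example that is not Fluid Attacks' code. Only the field names advisories and cve and the page size of 100 come from this report; the function names, the row layout and the sample data are constructed for illustration.

```python
PAGE_SIZE = 100  # page size stated in the postmortem


def make_rows(total, bad_index):
    """Constructed sample data: one row stores cve as a string instead of a list."""
    rows = [{"id": i, "advisories": {"cve": [f"constructed-cve-{i}"]}}
            for i in range(total)]
    rows[bad_index]["advisories"]["cve"] = "constructed-cve-as-string"
    return rows


def pages(rows):
    for start in range(0, len(rows), PAGE_SIZE):
        yield rows[start:start + PAGE_SIZE]


def parse_strict(row):
    """Typed parse: rejects any cve value that is not a list."""
    cve = row["advisories"]["cve"]
    if not isinstance(cve, list):
        raise TypeError(f"location {row['id']}: cve is {type(cve).__name__}, expected list")
    return {"id": row["id"], "cve": cve}


def parse_with_cast(row):
    """Read-side fix: cast a string cve to a one-element list before the typed parse."""
    cve = row["advisories"]["cve"]
    if isinstance(cve, str):
        cve = [cve] if cve else []
    return parse_strict({**row, "advisories": {**row["advisories"], "cve": cve}})


def load_locations(rows, parse):
    """Return (loaded, error). A page that fails to parse stops the load;
    pages loaded before it are kept, which is what the user saw."""
    loaded = []
    for page in pages(rows):
        try:
            parsed = [parse(r) for r in page]
        except TypeError as exc:
            return loaded, str(exc)
        loaded.extend(parsed)
    return loaded, None


def find_mistyped(rows):
    """Audit pass: ids whose cve is not a list, i.e. what the data migration must fix."""
    return [r["id"] for r in rows if not isinstance(r["advisories"]["cve"], list)]
```

Returning the error alongside the partial result lets the caller surface or alert on a truncated load instead of silently showing the first pages only.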

Conclusion

The incorrectly typed data was introduced by a migration that populated locations in the database. This type of migration is critical and should be controlled with an accurate peer review; however, on this occasion, the error was not detected before going to production. FAILED_PEER_REVIEW

Posted Sep 15, 2023 - 18:30 GMT-05:00

Resolved
The team has made a fix and it is evident that all vulnerabilities are now visible.
Posted Sep 15, 2023 - 17:12 GMT-05:00
Identified
Groups have been found in which only 100 vulnerabilities are being uploaded when in reality there are more.
Posted Sep 15, 2023 - 13:58 GMT-05:00
This incident affected: Platform.