Problem listing vulnerabilities in Locations view
Incident Report for Fluid Attacks


At least two groups experienced problems with the platform not listing all vulnerabilities in the Locations view, showing only the first 100 vulnerabilities. The issue started on UTC-5 24-02-28 11:42 and was proactively discovered 57.6 minutes (TTD) later by one of our engagement managers, who reported through our help desk that some existing vulnerabilities were not being displayed correctly. The problem was resolved in 5.2 hours (TTF) resulting in a total impact of 6.2 hours (TTR). [1][2].


Loading over 100 vulnerabilities with specific roles in the platform caused an error. This happened because we sent the same parameter (after) for 3 different requests, resulting in the request failing only displaying the first 100 vulnerabilities. The affected roles had an additional permission that triggered an extra query, leading to the error [3].


We have segregated the parameter for each request [4].


The lack of testing accounting for that number of vulnerabilities and the roles involved led to the issue. To prevent similar incidents in the future, we are implementing comprehensive tests to encompass this scenario. Therefore, an issue was created to implement such tests [5]. INCOMPLETE_PERSPECTIVE < MISSING_TEST

Posted Feb 29, 2024 - 16:43 GMT-05:00

The incident has been resolved, and now the reported vulnerabilities are being listed correctly.
Posted Feb 28, 2024 - 18:28 GMT-05:00
The platform has been identified as not listing all reported vulnerabilities in the Locations view.
Posted Feb 28, 2024 - 15:46 GMT-05:00
This incident affected: Platform.