Inconsistent number of typologies displayed in group view
Incident Report for Fluid Attacks


In at least one group, an inconsistent count of vulnerability typologies was observed in the group view (UTC-05 22-12-06 18:57 to 23-09-15 13:02: 9.3 months -time to recover-). The incident was detected reactively (at UTC-5 23-09-14 17:54: 9.3 months -time to detect-) by a user who reported through our help desk [1] that when entering the group view he saw that the "Vulnerabilities" column of one of his groups had the value `2 Types Found, however when entering the group there was only one vulnerability and therefore only one typology.


It was identified that the findings used to calculate the indicator in the group view were stored in a table whose data is updated through a scheduled task that runs daily at UTC-5 09:00 and UTC-5 18:00 [2], so at the time the user logged into the platform the actual number of vulnerabilities had changed but the indicator had not yet been updated.


The indicator was updated automatically so that shortly after UTC-5 18:00 the correct values could be seen. However, to avoid a repeat of the inconsistency, the field was modified so that the findings are now taken from a table with real-time data [3].


The indicator was inconsistent as it was being taken from a table with a periodic update instead of real-time, this was not detected by tests as an anomaly because it was the normal behavior, however, the tests were updated to prevent a similar situation from happening again. MISSING_TEST

Posted Sep 15, 2023 - 18:14 GMT-05:00

The typology count has been updated and the correct quantities can now be seen.
Posted Sep 15, 2023 - 13:02 GMT-05:00
Situations with a number of typologies shown in the group view are different from the actual number of typologies.
Posted Sep 14, 2023 - 17:54 GMT-05:00
This incident affected: Platform.