Unable to access vulnerable findings
Incident Report for Fluid Attacks
Postmortem

Impact

At least three organizations were denied access to findings with vulnerable status from 23-06-29 14:08 to 23-07-04 15:49 (UTC-5), a time to recover of 5.1 days. The incident was detected reactively at 23-07-03 15:04 (UTC-5), a time to detect of 4 days, by a user who reported through our helpdesk [1] that our agent was blocking the execution of his pipeline because of a vulnerability it had found. However, when he opened the vulnerabilities view on the platform, the vulnerability was not listed.

Cause

We had a problem when updating our indicators. The merge request [2] introduced changes in which some methods lacked tests, the methods that depended directly on those values were not taken into account, and no test failed.

Solution

We introduced the solution in a merge request [3] that updated the findings to the correct values, allowing them to be displayed.

Conclusion

A new issue [4] has been created to change the method so that it uses the new values and the filter works properly.

Posted Sep 18, 2023 - 21:40 GMT-05:00

Resolved
The problem has been resolved and the vulnerabilities can now be accessed normally.
Posted Aug 04, 2023 - 13:25 GMT-05:00
Identified
Some users are receiving an access denied message when trying to access the findings.
Posted Jul 03, 2023 - 15:04 GMT-05:00
This incident affected: Platform.