Impact
At least one user experienced issues when trying to generate a Vulnerabilities CSV report. The issue started on UTC-5 25-10-07 17:54 and was reactively discovered 17.5 hours (TTD) later by a client who reported through our help desk [1] that the process stayed stuck in a “Processing file” state and never finished. This issue affected all groups that had vulnerabilities marked with the source CUSTOMER. The problem was resolved in 2.6 hours (TTF), resulting in a total window of exposure of 20.1 hours (WOE) [2].
Cause
A specific value called CUSTOMER was removed from the system configuration used to identify the source of vulnerabilities. This value was deleted as part of a cleanup process, assuming it was no longer needed. However, the platform still had some vulnerabilities using that value, and a function tried to read it when generating the CSV report. Since the value no longer existed, the process failed and caused the file generation to stop [3].
Solution
The CUSTOMER value was temporarily added back to the system so reports could be generated correctly again. A migration will be done soon to remove all vulnerabilities using this outdated value, allowing it to be safely deleted later [4].
Conclusion
Extra checks were added to ensure that all possible source values are correctly recognized by the system. This will prevent similar errors in future updates or cleanups. INCOMPLETE_PERSPECTIVE < MISSING_TEST