Vulnerabilities CSV file export not working

Incident Report for Fluid Attacks

Postmortem

Impact

At least two organizations experienced issues when generating the Vulnerabilities CSV report. The issue started on UTC-5 25-04-29 15:27 and was reactively discovered 19.9 hours (TTD) later by a client who reported to one of our engagement managers [1] that the report could not be generated, as the modal remained blocked after requesting the verification code. The problem was resolved in 10.5 hours (TTF), resulting in a total window of exposure of 1.2 days (WOE).

Cause

A telemetry mechanism was introduced to determine the group associated with each API request. However, with the adoption of MCP, this flow began to be used for cases where organization-level information was needed. Since the mechanism attempted to retrieve group-related data even in organization-level requests, such as generating the analytics CSV report, an error occurred because no group could be linked to the organization context [2].

Solution

The telemetry retrieval of group name and role variables was removed. Not attempting to gather this information also improved performance during these requests [3].

Conclusion

The adjustments ensure that organization-level requests are handled correctly, preventing similar issues in the future and allowing users to generate reports without interruption. INCOMPLETE_PERSPECTIVE

Posted May 05, 2025 - 10:58 GMT-05:00

Resolved

The incident has been resolved, and it is now possible to successfully download the Vulnerabilities CVS file.
Posted Apr 30, 2025 - 23:35 GMT-05:00

Identified

Users are currently unable to export the Vulnerabilities CSV file.
Posted Apr 30, 2025 - 11:45 GMT-05:00
This incident affected: Platform.