Impact
At least one group under the Essential plan experienced issues when requesting a reattack. The issue started on UTC-5 25-02-07 16:49 and was reactively discovered 11.7 days (TTD) later by a client who reported through our help desk [1] that the reattack button was disabled when attempting to request a reattack on vulnerabilities reported by Machine. The problem was resolved in 23.7 hours (TTF), resulting in a total window of exposure of 12.7 days (WOE) [2].
Cause
With the implementation of the new Locations table, the restriction allowing Essential groups to only reattack Machine vulnerabilities was applied in two ways: by disabling both the rows and the reattack button. However, due to the updated flow, only row disabling was necessary [3].
Solution
The restriction that disabled the reattack button was removed [4].
Conclusion
End-to-end testing flows should be implemented for groups under the Essential plan. INCOMPLETE_PERSPECTIVE < MISSING_TEST