An unknown number of platform users read an incorrect severity number. The issue started on UTC-5 23-06-29 14:08 and was proactively discovered 1.1 months (TTD) later by our engineering team, who noticed the inconsistency while running local automated tests. The problem was resolved in 4.8 days (TTF), resulting in a total window of exposure of 1.3 months (WOE) [1].
A newly introduced indentation bug caused an early exit from the function that calculates the finding's severity score, which affected the max-open-severity-score results [2].
The error was fixed by correcting the code indentation [3].
The bug was not detected before reaching production because the tests that verified the module in charge of calculating the indicator did not cover this particular case; therefore, new tests that covered the module correctly were added [4]. MISSING_TEST
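
The following Python is an added illustration of this class of bug, not the platform's own code; the `Finding` model, the function names and the sample data are assumptions constructed for the example. It shows a mis-indented `return` that agrees with the correct function when the highest open finding comes first, and diverges when it does not, which is the case a regression test has to cover.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Finding:  # hypothetical model, not the platform's schema
    title: str
    severity_score: Decimal
    open_vulnerabilities: int


def max_open_severity_buggy(findings):
    """'Before' version: the return sits one indentation level too deep."""
    highest = Decimal("0.0")
    for finding in findings:
        if finding.open_vulnerabilities > 0:
            highest = max(highest, finding.severity_score)
        return highest  # BUG: inside the loop, exits after the first finding
    return highest


def max_open_severity(findings):
    """'After' version: the return runs only once every finding was seen."""
    highest = Decimal("0.0")
    for finding in findings:
        if finding.open_vulnerabilities > 0:
            highest = max(highest, finding.severity_score)
    return highest


# Constructed sample inputs (not real platform data).
CASES = {
    "empty_group": [],
    "highest_open_first": [
        Finding("A", Decimal("9.1"), 2),
        Finding("B", Decimal("4.3"), 1),
    ],
    "highest_open_not_first": [
        Finding("closed-critical", Decimal("9.8"), 0),
        Finding("open-low", Decimal("3.1"), 1),
        Finding("open-high", Decimal("8.6"), 4),
    ],
}


def divergent_cases(cases):
    """Names of the inputs on which the buggy and fixed functions disagree."""
    return [
        name for name, findings in cases.items()
        if max_open_severity_buggy(findings) != max_open_severity(findings)
    ]
```

A suite containing only the first two cases passes against both versions; only the third exposes the early exit.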