Broken vulnerability links in groups table

Incident Report for Fluid Attacks

Postmortem

Impact

At least one organization encountered issues when users clicked on any link under the Vulnerabilities column in the Groups table at the organization level. The issue started on UTC-5 24-03-05 10:08 and was reactively discovered 6.2 days (TTD) later by a client who reported through our help desk [1] that while attempting to click on a link in the Vulnerabilities column to access any of their organization's groups, the platform displayed the error messageThere is an error :(. The problem was resolved in 2.4 hours (TTF), resulting in a total window of exposure of 6.3 days (WOE) [2].

Cause

The Links' URLs were malformed, with the term vulns repeated twice at the end [3].

Solution

The team removed the duplicated word from the URL [4].

Conclusion

Inadequate testing of the redirection functionality triggered by that button resulted in an invalid URL going unnoticed. To prevent similar incidents in the future, the team has implemented comprehensive tests in this specific area [5]. INCOMPLETE_PERSPECTIVE < MISSING_TEST

Posted Mar 12, 2024 - 09:05 GMT-05:00

Resolved

The incident has been resolved, and now the links under the Vulnerabilities column are working correctly.
Posted Mar 11, 2024 - 18:02 GMT-05:00

Identified

Problems when clicking on links under the Vulnerabilities column of the Groups table.

Workaround:
Utilize the links in the Group name column to access the affected vulnerability list, bypassing the broken links.
Posted Mar 11, 2024 - 16:51 GMT-05:00
This incident affected: Platform.