Impact
At least one organization encountered issues when users clicked on any link under the Vulnerabilities column in the Groups table at the organization level. The issue started on UTC-5 24-03-05 10:08 and was reactively discovered 6.2 days (TTD) later by a client who reported through our help desk [1] that, while attempting to click on a link in the Vulnerabilities column to access any of their organization's groups, the platform displayed the error message "There is an error :(". The problem was resolved in 2.4 hours (TTF), resulting in a total window of exposure of 6.3 days (WOE) [2].
Cause
The links' URLs were malformed, with the term "vulns" repeated twice at the end [3].
Solution
The team removed the duplicated word from the URL [4].
Conclusion
Inadequate testing of the redirection functionality triggered by that button resulted in an invalid URL going unnoticed. To prevent similar incidents in the future, the team has implemented comprehensive tests in this specific area [5].
INCOMPLETE_PERSPECTIVE < MISSING_TEST