Impact
At least one user experienced difficulties accessing the platform. The issue started on UTC-5 25-06-27 15:55 and was reactively discovered 26 days (TTD) later by a client who reported through our help desk [1] that the platform displayed an Access denied message when trying to access the platform. The problem was resolved in 5.2 hours (TTF), resulting in a total window of exposure of 26.2 days (WOE) [2].
Cause
During a system update to improve security, some of the general user permissions were not fully updated. As a result, all users with similar roles were missing certain permissions needed to access specific features, which prevented platform access [3].
Solution
The missing permissions were added to the User role, restoring access to the platform. In this case, three specific access permissions were granted [4].
Conclusion
The incident highlights the importance of reviewing and updating general permission settings during system changes to ensure that all users retain access to the needed features. FAILED_MIGRATION < INCOMPLETE_PERSPECTIVE