Instability with CSPM vulnerability reports
Incident Report for Fluid Attacks
Postmortem

Impact

Two groups with CSPM configuration had instability problems with vulnerability reports in their cloud environments. The issue started on UTC-5 24-05-08 11:18 and was proactively discovered 11.9 days (TTD) later by a staff member who reported through our help desk [1] the instability in the group reports. The problem was resolved in 1.4 days (TTF) resulting in a total impact of 13.3 days (TTR) [2].

Cause

A change in execution in the machine scanner's CSPM module was made to ensure access to temporal credentials during execution. However, in environments with static credentials configured, the change was causing problems in the reports [3].

Solution

A solution was implemented to handle static credentials for CSPM environments. This option is no longer supported to comply with AWS security standards; however, for clients who haven´t made the adjustment or run the scanner as a standalone product, this ensures no stability problems for CSPM reports [4].

Conclusion

The issue didn't arise in test cases because the static credentials configuration was not considered. This highlights the importance of verifying transitional stages and/or ensuring client support in all different use cases. INCOMPLETE_PERSPECTIVE < MISSING_TEST

Posted May 28, 2024 - 11:27 GMT-05:00
Resolved
The incident has been resolved, and users with static credentials in their CSPM module can correctly access their vulnerability reports without instability problems.
Posted May 22, 2024 - 04:30 GMT-05:00
Current Status Powered by Atlassian Statuspage