- Last Thursday (January 30th) at 19:44 we released a version of Integrates that caused a malfunction in authorization roles, in which “Manager” users were affected. The details of this commit can be found at https://gitlab.com/fluidattacks/integrates/commit/d1814d
- We are updating our authorization model, to give more flexibility to our current roles and create more of them in the future. This issue was a product of one of those migrations.
- No migration-related error, including this one, has jeopardized the confidentiality of our users’ information.
What we’ve done
- On January 31st at 11:29, the issue was fixed by correctly assigning the permissions to the affected role.
What’s the impact
- The issue lasted approximately 16 hours. However, access attempts only occurred from 7:50 to 11:12 on January 31st.
- Approximately 6 of our users with manager roles were unable to see the “Users” tab and to manage the information of the findings on January 31st until 11:29.
What we are doing to help
- To avoid future similar issues we are strengthening the peer review process in our development team, assuring that the changes in the authorization model are not affecting the previous ones.
- With this announcement, customers are being notified that this was an internal error caused by a set of changes we had made on the authorization model and of what we did to fix it.