What happened

• Last Thursday (January 30th) at 19:44 we released a version of Integrates that caused a malfunction in authorization roles, in which “Manager” users were affected. The details of this commit can be found at https://gitlab.com/fluidattacks/integrates/commit/d1814d
• We are updating our authorization model, to give more flexibility to our current roles and create more of them in the future. This issue was a product of one of those migrations.
• No migration-related error, including this one, has jeopardized the confidentiality of our users’ information.

What we’ve done

• On January 31st at 11:29, the issue was fixed by correctly assigning the permissions to the affected role.

What’s the impact

• The issue lasted approximately 16 hours. However, access attempts only occurred from 7:50 to 11:12 on January 31st.
• Approximately 6 of our users with manager roles were unable to see the “Users” tab and to manage the information of the findings on January 31st until 11:29.

What we are doing to help

• To avoid future similar issues we are strengthening the peer review process in our development team, assuring that the changes in the authorization model are not affecting the previous ones.
• With this announcement, customers are being notified that this was an internal error caused by a set of changes we had made to the authorization model and of what we did to fix it.