On Monday August 28th, 2023 at 9:31 GMT open-appsec team was notified by email about a potential issue with the Web Portal Events view which may allow tenants to see logs of other tenants via the web portal in certain circumstances.
The open-appsec team verified the issue and at 11:30 GMT blocked the relevant section of the application as a pre-caution. Additional checks verified that the report is indeed relevant in some cases.
At 16:58 GMT we enabled back the Events view with UI filters available only and later and at 20:28 GMT the system was returned to full functionality.
Please note that that the issue was only relevant for open-appsec web-portal users and currently no users are at risks as we blocked the relevant section. There was also no issue for CloudGuard AppSec Web Portal users.
Our commitment is always to the security of our users and to being fully transparent also when we have problems. We are grateful for the communication of the issue to us. This is the true spirit of an open-source project.
Last update: 28/08 20:48 GMT.
