fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Navigating to CVE page on a new Fleet instance can cause 500 error #22523

Open xpkoala opened 2 weeks ago

xpkoala commented 2 weeks ago

Fleet version: main

Web browser and operating system: Chrome 128.0.6613.138


💥  Actual behavior

When attempting to navigate to a software vulnerability, the user is shown a 500 error.

🧑‍💻  Steps to reproduce

  1. On a new instance of Fleet
  2. Add hosts that include software with vulnerabilities
  3. Navigate to the /software/vulnerabilities page
  4. Click on a vulnerability

🕯️ More info (optional)

{
  "message": "Authorization header required",
  "errors": [
    {
      "name": "base",
      "reason": "Authorization header required"
    }
  ],
  "uuid": "a1a76540-9eb9-4224-b055-1567761b6a13"
}

Video of the behavior: https://www.loom.com/share/273f6b9744824e989e8ed55312897d20

xpkoala commented 2 weeks ago

The issue seems to self-correct after a cleanups_then_aggregation cron is run, which means the window for this issue to appear is no more than 60 minutes after the first vulnerabilities cron completes.

RachelElysia commented 1 week ago

Can you clarify the solution, @xpkoala?

sharon-fdm commented 1 week ago

Hey team! Please add your planning poker estimate with Zenhub @getvictor @lucasmrod @mostlikelee @iansltx

xpkoala commented 1 week ago

@RachelElysia I'm not entirely sure what the solution should be, but if the user is able to click into a CVE details page, that page should render with the correct data, or we should provide a static page mentioning to check back later (similar to collecting software on new hosts).

I believe @mostlikelee identified the host information that is missing until the automations cron is run.