Date of Incident: 2024-01-04
Summary:
All users of marketplaces hosted on our *.wearecnxion.com subdomain were experiencing an error when trying to upload images within their profile pages.
Affected Party:
- All marketplace users on *.wearecnxion.com subdomain.
Issue Description:
The error was identified as being related to the newly implemented security policies that are designed to filter out and challenge malicious traffic. Specifically, a too strict set of rules from the OWASP (Open Web Application Security Project) were applied, which inadvertently caused legitimate image upload operations to fail.
Resolution:
The issue has been comprehensively reviewed, and the OWASP ruleset has been adjusted to allow regular image upload activity while maintaining the security level against malicious threats. We have released a fix for this issue.
Outcome:
Users should now be able to successfully upload images to their profile pages on all marketplaces hosted on the *.wearecnxion.com subdomain without encountering previous errors.
Follow-up Actions:
It is advised that a thorough testing phase is conducted to ensure that the fix is properly implemented and does not inadvertently reintroduce vulnerabilities. Additionally, users should be notified of the resolution and encouraged to report any further issues related to this incident.
Documentation:
No video or further documentation provided. The situation will continue to be monitored to ensure the efficacy of the fix.
:format(webp)/app.wearecnxion.com/static/wearecnx/img/logo-icon.png "CNXION"){kind=icon}