Immuta experienced a notice incident on April 18, 2023, lasting —. The incident has been resolved; the full update timeline is below.
Update timeline
- resolved Apr 20, 2023, 02:00 PM UTC
This issue was first reported as authentication issues when using a SAML-based login. Users were presented with a 401 Unauthorized message when attempting a valid login. This prevented access to the UI and, in some cases, access to the data sources. This only impacted sites using SAML authentication, and the issue was resolved April 18 at 6:00 am EDT.
- postmortem Apr 20, 2023, 02:01 PM UTC
## **Root Cause**

A change was introduced when upgrading the passport-saml package to address a reported critical-level vulnerability (CVE-2023-29017). The new version of the library has several changes to required parameters, as well as to how it handles undefined parameters. This change introduced an issue that caused the library not to pass IAM authentication attempts. When this issue occurs, Immuta software treats the failure to register the IAM as the IAM having been removed. Upon removal of the IAM, all users, group memberships and attributes for that IAM were removed, which caused the loss of access to all data sources.

## **Short Term and Long Term Remediation**

This issue was linked to the SaaS deployment that occurred on April 17, 2023 at 2:30pm EDT. As a short-term remediation, the Immuta instances were rolled back to the previous software deployment from April 13th. The long-term remediation is to investigate the updated passport-saml library and determine how to mitigate the issue safely. We will also determine what additional testing can be done to fully vet changes in the third-party library. In addition to the engineering updates, we will re-evaluate the automation of subscription policies when there are authentication failures, looking at safeguards so that failed authentications in this fashion do not remove all data source access.
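The safeguard the remediation section describes, as an added illustration that is not Immuta's code: a hypothetical identity-manager registry where a registration failure (here a stand-in strategy constructor with made-up option names that starts rejecting a previously accepted configuration) is recorded as a degraded state and alerted on, rather than being mistaken for an explicit IAM removal that purges users, groups and attributes.

```javascript
// Hypothetical IAM registry (added example, not Immuta's code). Principals are
// stored per IAM; only an explicit removeIam() is allowed to drop them.
class PrincipalStore {
  constructor() { this.iams = new Map(); }
  addIam(iamId, principals) { this.iams.set(iamId, { status: 'active', ...principals }); }
  removeIam(iamId) { this.iams.delete(iamId); }   // operator-initiated removal only
  get(iamId) { return this.iams.get(iamId); }
}

// "Before" pattern from the postmortem: any registration failure is handled as
// if the IAM had been removed, so every principal it owns is deleted.
function reconcileUnsafe(store, iamId, register) {
  try {
    register();
  } catch (err) {
    store.removeIam(iamId);   // users, groups, attributes gone -> data access lost
    return { status: 'removed', error: err.message };
  }
  store.get(iamId).status = 'active';
  return { status: 'active' };
}

// "After" pattern: a failure marks the IAM degraded and keeps its principals
// (and therefore existing data source access) until an operator acts.
function reconcileSafe(store, iamId, register) {
  const iam = store.get(iamId);
  if (!iam) throw new Error(`unknown IAM ${iamId}`);
  try {
    register();
    iam.status = 'active';
    iam.lastError = undefined;
  } catch (err) {
    iam.status = 'degraded';          // surfaced for alerting, no deprovisioning
    iam.lastError = err.message;
  }
  return { status: iam.status, principalsRetained: iam.users.length };
}

// Constructed stand-in for a SAML strategy constructor that, after a library
// upgrade, treats undefined options as errors. Option names are hypothetical.
function strictSamlStrategy(options) {
  for (const key of ['issuer', 'cert', 'callbackUrl']) {
    if (options[key] === undefined) throw new Error(`SAML option "${key}" is required`);
  }
  return { ok: true };
}
```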