Bug: Bulk vulnerability state change creates broken discussion notes

Summary

When the state of multiple vulnerabilities is changed in bulk on the vulnerability report page, the system note that is created is broken. It has a missing icon (which probably indicates a missing type), and it is impossible to add a comment on it. It seems that a note from the bulk operation appears with a different UUID on every vulnerabilityDiscussions GraphQL call, whereas a working state change note has a static one.

Steps to reproduce

  1. Go to the vulnerability report page.
  2. Select multiple vulnerabilities with "Needs triage" status.
  3. Select a new status from the top left dropdown.
  4. Click "Change status" (add a comment if needed).
  5. Go to the details page of one of the changed vulnerabilities.
  6. See the note - it has a missing icon.
  7. Try to add a comment on the note - an error should pop up at the top of the page with "Something went wrong while trying to save the comment. Please try again later."

Example Project

See the generated note here that was created by bulk state change.

For comparison, see a working note here.
