Invicti Enterprise On-Demand 16 Nov 2023 v23.11.0
This update includes changes to the internal agents. The internal scan agent’s current version is 23.11.0. The internal authentication verifier agent’s current version is 23.11.0.
New features
- Added the ability to pull a PCI Report from the CloneSystem itself by using API endpoints
- Added the option for customers to define a namespace for their HashiCorp integration
- Enhanced reporting capabilities with more attributes available in .csv exports and the option to do a .csv export in more places in the UI
- Added an option under New Scan Policy > Ignored Parameters to allow customers to set ‘Cookie’ as a type of ignored parameter
New security checks
- Added new checks for the WordPress Login with Phone Number Plugin: CVE-2023-23492
- Added new checks for the WordPress JupiterX Core Plugin: CVE-2023-38389, CVE-2023-38388
Improvements
- Added support for custom authentication tokens without token type
- Improved LFI attack patterns for better accuracy
- Fixed some vulnerabilities in the Docker image
- Stricter sensitive data rules
- Improved bot detection bypass scenarios
Fixes
- Fixed a sensitive data issue when uploading a pre-request script
- Fixed a bug that was preventing scheduling group scans using API
- Fixed custom header values in scan profiles so that they are masked
- Docker Cloud Stack check has been updated to reduce noise
- SSL/TLS classification updated from CWE-311 to CWE-319