Invicti Enterprise On-Demand 03 Dec 2024 v24.12.0
This update includes changes to the internal agents. The internal scan agent’s current version is 24.12.0. The internal authentication verifier agent’s current version is 24.12.0
New Features
- API Discovery now supports retrieving Open API/Swagger specs from Kong Konnect → Learn more
New Security Checks
- Added detection of Google Tag Manager as a technology in the Vulnerability Database (VDB)
Improvements
- Enhanced security to prevent customer login information from being written in clear text
- OpenSSL configuration (openssl.cnf) updated for Docker compatibility
- Added new filter in Recent Scans page for Agent Mode in order to distinguish between Internal and Cloud agents
- Revised field descriptions in the Swagger model documentation to accurately reflect the use of the RequiredIf attribute
- Improved analysis and remediation capabilities for [Possible] Server-Side Template Injection vulnerabilities
Fixes
- Resolved a breaking change in .NET 8’s System.Net.Security.UseManagedNtlm by upgrading from Ubuntu 22.04 to Ubuntu 24.04, where the issue was addressed. The Agent was updated to .NET 8.
- Fixed an issue where Retest-type scans did not identify the same vulnerabilities detected during full scans
- Fixed high CPU usage in some agents caused by Chromium
- Scans attempting to run with Agent Group without any agents will result correctly in failure instead of queue
- Fixed an issue that was preventing users from accessing a Scan Policy
- Fixed an issue where the Misconfigured Access-Control-Allow-Origin Header vulnerability was not detected
- Improved detection of the [Possible] Password Transmitted over Query String vulnerability