Attack Surface Management Discovery Engine release v2024.02.01
This Attack Surface Management Discovery Engine release includes:
- Added Secrets Exposed check to detect and report leaked secrets (API Keys, Client Secrets, S3 Bucket Names, Access Keys) in web pages.
- IP addresses are now resolved and stored for AppEndpoint Entities.
- Added CVE-2023-36847 Identifier to Juniper JunOS RCE Chain (CVE-2023-36844/36845/36846)
Bug Fixes
- Fixed bug causing false positives when port scanning certain Entities.
- Fixed bug causing GoDaddy integration to return no Entities.
- Fixed bug where Entities created through cloud integrations did not have the cloud_seed attribute.
- Fixed bug preventing scans from completing due to malformed URI Entity name.
- Fixed bug causing two Issues to be created for the same Entity under certain conditions.
Vulnerability Checks
- Added CVE-2024-23897 Vulnerability Check - (Jenkins - Arbitrary File Read)