Aug 22, 2024 4.22.3-2024082201

Fixed

  • Pro: Fixed login button visual regression.

  • Pro: Fixed an issue where the Jenkins login scanner incorrectly identified Jenkins as not requiring authentication.

  • Pro: Fixed an issue that could cause crashes after uploading a custom logo for reports.

  • PR 19366 - Update the Jenkins login scanner to correctly determine whether authentication is required.

Modules

  • PR 19351 - This adds an exploit module for CVE-2024-4548, an unauthenticated SQL Injection vulnerability able to achieve remote code execution as NT AUTHORITY\SYSTEM.

  • PR 19373 - This adds an auxiliary module to exploit CVE-2024-5276, a SQL Injection vulnerability that allows for adding an arbitrary administration user in the application.

  • PR 19394 - Adds a new exploit/multi/http/spip_porte_plume_previsu_rce SPIP Unauthenticated Remote Code Execution (RCE) module targeting SPIP versions up to and including 4.2.12.

Offline Update

Metasploit Framework and Pro Installers