Skip to main content

Mondoo 10.9 is out!

ยท 3 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 10.9 is out! This release includes CVE remediation automation, detection of remote exploits in your infra, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


๐ŸŽ‰ NEW FEATURESโ€‹

Automate your CVE remediationโ€‹

Let Mondoo do the heavy lifting when it comes to remediating critical software vulnerabilities in your infrastructure with new Ansible and Bash remediation scripts to accelerate the patching of systems.

Software resolution

Expose remote exploits in your infrastructureโ€‹

With the new "Remote execution" risk for CVEs and advisories, you can now prioritize and patch the highest risks to your business before attackers find them. Mondoo lets you sort by CVEs and vendor advisories that are known to be susceptible to remote code execution over the network.

CVE-2023-22505 Remote Exploit

๐Ÿงน IMPROVEMENTSโ€‹

Resource improvementsโ€‹

assetโ€‹

  • New field annotations.

aws.iam.policiesโ€‹

  • Fix parsing data in attachedRoles field.

aws.rds.dbclusterโ€‹

  • New field hostedZoneId.
  • New field latestRestorableTime.
  • New field masterUsername.

aws.rds.dbinstanceโ€‹

  • New field latestRestorableTime.
  • New field masterUsername.

Ansible scan interval / splay settingsโ€‹

Control the scan interval and splay settings for Mondoo clients set up with the Mondoo Ansible role using new splay and timer variables.

Learn more in our all new Ansible docs!

Signed providers on Windowsโ€‹

Is it an advanced security product or a virus? It turns out that sometimes your endpoint protection software can't tell the difference. To help, we're signing all Mondoo providers to prevent tools flagging providers as potentially malicious software.

Friendly messages for space viewers in Kubernetes integrationsโ€‹

Want to take a peak at the configuration of Kubernetes integrations, but you only have the viewer permissions on the space? No worries. Kubernetes integration pages now show friendly messages when service account information is unavailable due to a lack of permissions. Stay curious.

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Collect running kernel in SBOMs.
  • Don't fail if a Linux process is running under a user that has been deleted.
  • Fix AWS instances failing to scan via SSM in the Lambda integration.
  • Improve network security group checks in the CIS Azure Foundation benchmark policy to ignore case and better target the security rules.
  • Update CIS benchmarks for AlmaLinux, Rocky Linux, and Oracle Linux to skip GDM checks on headless systems.
  • Display the Terraform logo for the Terraform Asset Inventory Pack.
  • Display the Windows logo instead of the Microsoft 365 logo for all Windows desktop CIS policies.
  • Improve Azure Pipeline setup examples in the console.
  • Show labels on the asset overview when an asset is unscored.
  • Update instructions and documentation links in Azure integration to match the latest Microsoft Entra ID pages.
  • Improve AWS integration error messages in the console.
  • Prevent multiple AWS scan requests from running at once in the AWS integration.
  • Fix incorrect links in Red Hat advisories.
  • Fix newer vendor advisories showing as unscored when the attached CVEs have no score.
  • Improvements to Okta and Azure SCIM 2.0 support.
  • Fix scanning of Docker images that are not on the system.
  • Fix fetching of Microsoft 365 groups when there are a large number of groups in Entra ID.
  • Fix scanning of private images in Kubernetes clusters.
  • Improve performance in the tls.certificate resource.