PyPi: Prowler

CVE-2023-40267

Transitive

Safety vulnerability ID: 60671

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 11, 2023 Updated at Jun 07, 2024

Advisory

Prowler 3.9.0 updates its dependency 'gitpython' to a release that fixes a Remote Code Execution vulnerability (CVE-2023-40267). The vulnerable code lives in gitpython, not in Prowler itself, so Prowler is affected transitively and the fix is delivered by the dependency bump.
https://github.com/prowler-cloud/prowler/pull/2720
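As an added example (not code from Prowler, from the advisory, or from the Safety database), the following Python script flags a pinned environment that still carries a Prowler release older than 3.9.0, the release whose dependency bump delivers the gitpython fix. Because the page does not list affected versions, the script assumes that every Prowler release before 3.9.0 is affected; it takes `pip freeze`-style `name==version` lines as input, and the sample freeze output embedded in it is constructed for illustration.

```python
"""Audit a pinned Python environment for the transitive CVE-2023-40267
exposure described on this page: prowler releases before 3.9.0 pulled in a
gitpython with an RCE bug, and 3.9.0 bumped the dependency to a fixed release.

Added example, not code from prowler or from the advisory source.
Assumptions (not stated on the page): every prowler release before 3.9.0 is
affected, and the input is `pip freeze` style `name==version` lines.
"""
import re
from typing import Dict, List, Tuple

ADVISORY = "CVE-2023-40267"
FIXED_PROWLER = "3.9.0"  # first release whose gitpython pin carries the fix

# name==version, tolerating whitespace, environment markers and comments
_PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def parse_version(text: str) -> Tuple[Tuple[int, ...], int]:
    """Return a sortable key for a simple PEP 440 version string.

    Handles the release forms seen in pip freeze output ('3.9', '3.9.0',
    '3.9.0rc1').  Trailing zeros are dropped so 3.9 == 3.9.0, and a
    pre-release tag (a/b/rc/dev) sorts below the final release with the
    same numbers, which is what PEP 440 specifies.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([A-Za-z].*)?", text)
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = [int(part) for part in m.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()
    is_final = 0 if m.group(2) else 1
    return tuple(release), is_final


def normalize_name(name: str) -> str:
    """Apply PEP 503 normalisation so GitPython / gitpython / Git_Python match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(freeze_lines: List[str]) -> Dict[str, str]:
    """Map normalised distribution name -> pinned version from freeze output."""
    pins: Dict[str, str] = {}
    for line in freeze_lines:
        m = _PIN_RE.match(line)
        if m:
            pins[normalize_name(m.group(1))] = m.group(2)
    return pins


def is_affected(prowler_version: str) -> bool:
    """True when the prowler release predates the dependency bump in 3.9.0."""
    return parse_version(prowler_version) < parse_version(FIXED_PROWLER)


def audit(freeze_lines: List[str]) -> List[str]:
    """Return one finding per problem; an empty list means nothing to report."""
    pins = parse_pins(freeze_lines)
    prowler = pins.get("prowler")
    if prowler is None:
        return []
    findings: List[str] = []
    if is_affected(prowler):
        gitpython = pins.get("gitpython", "not pinned")
        findings.append(
            f"prowler=={prowler} predates the {ADVISORY} fix shipped in "
            f"prowler {FIXED_PROWLER} (transitive via gitpython=={gitpython}); "
            f"upgrade prowler to >={FIXED_PROWLER}"
        )
    return findings


# Constructed sample freeze output (not captured from a real environment):
# the release the 3.9.0 changelog compares against, plus an arbitrary
# gitpython pin chosen for illustration only.
SAMPLE_FREEZE = [
    "boto3==1.28.0",
    "GitPython==3.1.31",
    "prowler==3.8.2",
    "# comment lines and editable installs are ignored",
    "-e git+https://example.invalid/repo.git#egg=something",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FREEZE) or ["no affected prowler pin found"]:
        print(finding)
```

To run it against a real environment, replace `SAMPLE_FREEZE` with `sys.stdin.read().splitlines()` and pipe `pip freeze` into the script. The name normalisation matters for exactly this advisory: `pip freeze` prints the distribution as `GitPython`, so a naive string compare against `gitpython` would miss the pin.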

Affected package

prowler

Latest version: 4.2.4

Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.

Affected versions

Fixed versions

Vulnerability changelog

_As a young boy chasing dragons
With your wooden sword so mighty
You're St. George or you're David and you always killed the beast
Times change very quickly and you had to grow up early
A house in smoking ruins and the bodies at your feet_

Sometimes chasing dragons and sometimes walking on the edge of the blade. This Iron Maiden song, _Flash of the Blade_, tells a good story about what's on the table these days. Enjoy this great song written by Bruce Dickinson back in 1984 (https://www.youtube.com/watch?v=Qx0s8OqgBIw) while reading what's new!

New features to highlight in this version:

⚙️ **New checks for AWS!**
- New AWS Athena service with two new checks `athena_workgroup_encryption` and `athena_workgroup_enforce_configuration`.
- New AWS S3 check `s3_bucket_kms_encryption`.
- New AWS EC2 check `ec2_instance_detailed_monitoring_enabled`.
- New AWS IAM check `iam_inline_policy_no_administrative_privileges`, with a new feature in the IAM service which is now capable of retrieving the inline policies for Users, Roles and Groups.
- Now in the AWS ECR `ecr_repositories_scan_vulnerabilities_in_latest_image` you can configure the minimum severity for this check to raise a FAIL finding using the `ecr_repository_vulnerability_minimum_severity` configuration value. Read more at https://docs.prowler.cloud/en/latest/tutorials/configuration_file/

Try them with `prowler aws` and improve your security posture now! 🔒

🖌️ **New CLI flag**
- List all the checks in JSON format, ready to be consumed by the `--checks-file` flag. Try it with `prowler aws --list-checks-json`.

📖 **Developer Guide**
- We keep improving the Prowler documentation, especially the Developer Guide to help our contributors. Check it at the following link: https://docs.prowler.cloud/en/latest/developer-guide/introduction/.

🧑‍🤝‍🧑 **Two new Prowler contributors!**
- Many thanks to vysakh-devopspace and gerardocampo for including more checks and keeping Prowler improving!


What's Changed
Features
* feat(s3): Add S3 KMS encryption check by singergs in https://github.com/prowler-cloud/prowler/pull/2757
* feat(ec2): New check ec2_instance_detailed_monitoring_enabled by vysakh-devopspace in https://github.com/prowler-cloud/prowler/pull/2735
* feat(checks): dump all checks as a json file by jchrisfarris in https://github.com/prowler-cloud/prowler/pull/2683
* feat(ecr_repositories_scan_vulnerabilities_in_latest_image): Minimum severity is configurable by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2736
* feat(iam): Check inline policies in IAM Users, Groups & Roles for admin priv's by gerardocampo in https://github.com/prowler-cloud/prowler/pull/2750
* feat(compliance): Update AWS compliance frameworks after PR 2750 by gerardocampo in https://github.com/prowler-cloud/prowler/pull/2771
* feat(athena): New AWS Athena service + 2 workgroup checks by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2696

Fixes
* fix(azure): Status extended ends with a dot by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2725
* fix(is_account_only_allowed_in_condition): Context name on conditions are case-insensitive by christiandavilakoobin in https://github.com/prowler-cloud/prowler/pull/2726
* fix(gcp): Status extended ends with a dot by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2734
* fix(get_checks_from_input_arn): fix function and add tests by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2749
* fix(get_checks_from_input_arn): fix logic and add tests by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2764
* fix(get_regions_from_audit_resources): fix logic and add tests by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2766
* fix(nacls): Tests by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2760
* fix(iam_policy_allows_privilege_escalation): Handle admin permission so * by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2763
* fix(checks_to_execute): --checks and --resource_arn working together by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2743
* fix(ec2_securitygroup_default_restrict_traffic): fix check only allow empty rules by n4ch04 in https://github.com/prowler-cloud/prowler/pull/2777

Chores
* chore(regions_update): Changes in regions for AWS services. by sergargar in https://github.com/prowler-cloud/prowler/pull/2733, https://github.com/prowler-cloud/prowler/pull/2737, https://github.com/prowler-cloud/prowler/pull/2741, https://github.com/prowler-cloud/prowler/pull/2744, https://github.com/prowler-cloud/prowler/pull/2748, https://github.com/prowler-cloud/prowler/pull/2759, https://github.com/prowler-cloud/prowler/pull/2767 and https://github.com/prowler-cloud/prowler/pull/2773, https://github.com/prowler-cloud/prowler/pull/2776
* chore(parser): Move provider logic to their folder by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2746
* chore(s3): Move lib to the AWS provider and include tests by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2664

Security
* fix(security): GitPython issue by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2720

Documentation
* docs(style): Add more details by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2724
* docs(testing): Mocking the service and the service client at the service client level by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2747
* docs(audit_config): How to use it by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2739
* docs: explain output formats by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2774
* docs: Include new config ecr_repository_vulnerability_minimum_severity by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2775

Dependencies
* build(deps-dev): bump vulture from 2.7 to 2.8 by dependabot in https://github.com/prowler-cloud/prowler/pull/2727
* build(deps): bump mkdocs-material from 9.1.20 to 9.1.21 by dependabot in https://github.com/prowler-cloud/prowler/pull/2728
* build(deps): bump google-api-python-client from 2.95.0 to 2.96.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2729
* build(deps-dev): bump coverage from 7.2.7 to 7.3.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2730
* build(deps): bump azure-identity from 1.13.0 to 1.14.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2731
* build(deps): bump mkdocs-material from 9.1.21 to 9.2.1 by dependabot in https://github.com/prowler-cloud/prowler/pull/2752
* build(deps): bump google-api-python-client from 2.96.0 to 2.97.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2753
* build(deps-dev): bump pytest-randomly from 3.13.0 to 3.15.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2755
* build(deps): bump azure-mgmt-storage from 21.0.0 to 21.1.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2756
* build(deps): bump shodan from 1.29.1 to 1.30.0 by dependabot in https://github.com/prowler-cloud/prowler/pull/2754

Tests
* test(python): Test with 3.9, 3.10, 3.11 by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2718
* test(coverage): Add Codecov by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2719
* test(s3): Mock S3Control when used by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2722
* fix(test-vpc): use the right import paths by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2732
* tests(check_security_group) by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2740
* chore(tests): Replace sure with standard assert by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2738
* test(vpc_endpoint_services_allowed_principals_trust_boundaries) by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2768
* fix(test): Update moto to 4.1.15 and update tests by jfagoagas in https://github.com/prowler-cloud/prowler/pull/2769

New Contributors
* vysakh-devopspace made their first contribution in https://github.com/prowler-cloud/prowler/pull/2735
* gerardocampo made their first contribution in https://github.com/prowler-cloud/prowler/pull/2750

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.8.2...3.9.0


Severity Details

CVSS Base Score: CRITICAL 9.8

CVSS v3 vector (assembled from the metrics below): AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH