CVE's asp.net for both resource-discovery and scraper

[dpericaxon]

Report

It looks like there are 2 CVE's related to the Distro mariner-mariner-2.0 and package asp.net-core 7.0.8 where there appears to be a fix for them recently released. Links to the fix is below.

https://nvd.nist.gov/vuln/detail/CVE-2023-38180

https://nvd.nist.gov/vuln/detail/CVE-2023-35391

Vulnerability Information

No response

Affected Component(s)

Resource Discovery, Scraper

Affected Version(s)

All

Vulnerability Migitation

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391

Vulnerability Fix

No response

Contact Details

No response

[cb-axon]

It should also be noted that CVE-2023-38180 is on CISA's Known Exploited Vulnerabilities List, with a Due date of August 30, 2023 - https://www.cisa.gov/news-events/alerts/2023/08/09/cisa-adds-one-known-exploited-vulnerability-catalog

[tomkerkhove]

New images are pushed, notes go up next week

[tomkerkhove]

Release is done:

• https://github.com/tomkerkhove/promitor/releases/tag/Scraper-v2.11.0
• https://github.com/tomkerkhove/promitor/releases/tag/ResourceDiscovery-v0.11.0