cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
balbarka
Calcite | Level 5 balbarka
Calcite | Level 5
Go to Solution

SAS Viya Azure Pay-As-You-Go Vulnerability Mitigation (CVE-2023-29332)

Posted 09-12-2023 04:05 PM (1313 views)

Where would we find out if a cloud provider vulnerability is mitigated in SAS Viya Azure Pay-As-You-Go?

 

Specific to my scenario, I am running V.04.00M0P011723 and the vulnerability of concern is CVE-2023-29332, Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability.

 

I assume that the SAS Viya Azure Pay-As-You-Go managed version will not make this update automatically after restart. So would it be necessary to create a new managed deployment from azure market place once I confirm a newer release has this vulnerability mitigated?

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
rich_sas
SAS Employee rich_sas
SAS Employee

Re: SAS Viya Azure Pay-As-You-Go Vulnerability Mitigation (CVE-2023-29332)

Posted 09-12-2023 04:31 PM (1299 views)  |   In reply to balbarka

Hi @balbarka -

 

Based on your installed version of SAS Viya, I believe you are running on AKS major version 1.24, which is not vulnerable to CVE-2023-29332:

 

You can confirm you AKS version in the Azure portal by navigating to your managed application and clicking on the "Parameters and Outputs" pane. At the bottom, you should see a value called kubernetesVersion in the outputs that shows the AKS version that was deployed.

 

Please let me know if you have any further questions or concerns.

 

Best regards,

 

Rich

View solution in original post

0 Likes
Reply
2 REPLIES 2
rich_sas
SAS Employee rich_sas
SAS Employee

Re: SAS Viya Azure Pay-As-You-Go Vulnerability Mitigation (CVE-2023-29332)

Posted 09-12-2023 04:31 PM (1300 views)  |   In reply to balbarka

Hi @balbarka -

 

Based on your installed version of SAS Viya, I believe you are running on AKS major version 1.24, which is not vulnerable to CVE-2023-29332:

 

You can confirm you AKS version in the Azure portal by navigating to your managed application and clicking on the "Parameters and Outputs" pane. At the bottom, you should see a value called kubernetesVersion in the outputs that shows the AKS version that was deployed.

 

Please let me know if you have any further questions or concerns.

 

Best regards,

 

Rich

0 Likes
Reply
balbarka
Calcite | Level 5 balbarka
Calcite | Level 5

Re: SAS Viya Azure Pay-As-You-Go Vulnerability Mitigation (CVE-2023-29332)

Posted 09-13-2023 01:26 PM (1253 views)  |   In reply to rich_sas

Thanks @rich_sas ! Confirmed as described:
aks_version.jpg

0 Likes
Reply

SAS Innovate 2025: Save the Date

 SAS Innovate 2025 is scheduled for May 6-9 in Orlando, FL. Sign up to be first to learn about the agenda and registration!

Save the date!

Discussion stats
  • 2 replies
  • ‎09-12-2023 04:05 PM
  • 1314 views
  • 0 likes
  • 2 in conversation