cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
balbarka
Calcite | Level 5 balbarka
Calcite | Level 5
Go to Solution.

SAS Viya Azure Pay-As-You-Go Vulnerability Mitigation (CVE-2023-29332)

Posted 09-12-2023 04:05 PM (421 views)

Where would we find out if a cloud provider vulnerability is mitigated in SAS Viya Azure Pay-As-You-Go?

 

Specific to my scenario, I am running V.04.00M0P011723 and the vulnerability of concern is CVE-2023-29332, Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability.

 

I assume that the SAS Viya Azure Pay-As-You-Go managed version will not make this update automatically after restart. So would it be necessary to create a new managed deployment from azure market place once I confirm a newer release has this vulnerability mitigated?

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
rich_sas
SAS Employee rich_sas
SAS Employee

Re: SAS Viya Azure Pay-As-You-Go Vulnerability Mitigation (CVE-2023-29332)

Posted 09-12-2023 04:31 PM (407 views)  |   In reply to balbarka

Hi @balbarka -

 

Based on your installed version of SAS Viya, I believe you are running on AKS major version 1.24, which is not vulnerable to CVE-2023-29332:

 

You can confirm you AKS version in the Azure portal by navigating to your managed application and clicking on the "Parameters and Outputs" pane. At the bottom, you should see a value called kubernetesVersion in the outputs that shows the AKS version that was deployed.

 

Please let me know if you have any further questions or concerns.

 

Best regards,

 

Rich

View solution in original post

0 Likes
Reply
2 REPLIES 2
rich_sas
SAS Employee rich_sas
SAS Employee

Re: SAS Viya Azure Pay-As-You-Go Vulnerability Mitigation (CVE-2023-29332)

Posted 09-12-2023 04:31 PM (408 views)  |   In reply to balbarka

Hi @balbarka -

 

Based on your installed version of SAS Viya, I believe you are running on AKS major version 1.24, which is not vulnerable to CVE-2023-29332:

 

You can confirm you AKS version in the Azure portal by navigating to your managed application and clicking on the "Parameters and Outputs" pane. At the bottom, you should see a value called kubernetesVersion in the outputs that shows the AKS version that was deployed.

 

Please let me know if you have any further questions or concerns.

 

Best regards,

 

Rich

0 Likes
Reply
balbarka
Calcite | Level 5 balbarka
Calcite | Level 5

Re: SAS Viya Azure Pay-As-You-Go Vulnerability Mitigation (CVE-2023-29332)

Posted 09-13-2023 01:26 PM (361 views)  |   In reply to rich_sas

Thanks @rich_sas ! Confirmed as described:
aks_version.jpg

0 Likes
Reply

SAS INNOVATE 2024

Innovate_SAS_Blue.png

Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.

If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website. 

Register now!

Discussion stats
  • 2 replies
  • ‎09-12-2023 04:05 PM
  • 422 views
  • 0 likes
  • 2 in conversation