Prisma detects issues in AKS clusters

Lopes Gomes, Eduardo 21 Reputation points
2023-03-06T20:18:39.92+00:00

Hello,

Recently Accenture implemented the Prisma tool that scans inside Kubernetes clusters.

What happens is that we are receiving many issues related to the images we use and the clusters themselves, however we believe that since the clusters are managed by the Azure team we should not mess with them directly.

Another detail that is causing strangeness to us is that we are already using AKS version 1.25.5 and even so Prisma points out issues from older versions.

Some of these issues as examples are:

CVE-2020-29652

CVE-2021-3121

CVE-2020-29652

CVE-2020-8558

There are actually more than 300 similar issues.

We contacted the Accenture team that is handling the Prisma implementation and reported these situations. They recommended contacting Azure support, so we are asking for your help to know how to proceed in these situations.

Thank you in advance for your help.

Azure Kubernetes Service

Accepted answer
  1. Cristian Gatjens 716 Reputation points Microsoft Employee
    2023-03-06T21:41:02.3766667+00:00

    Hello @Lopes Gomes, Eduardo,

    Thank you for reaching out & I hope you are doing well.

    Please check the following documentation that describes how AKS handles CVEs:

    https://learn.microsoft.com/en-us/azure/aks/concepts-vulnerability-management#how-vulnerabilities-are-updated

    Please keep in mind that we rely on the vendor to release a fix so we can include it in the latest VHD.

    If you take, for example, CVE https://ubuntu.com/security/CVE-2020-29652, you can check whether the release has a fix or not. You can also check if the vulnerability affects a specific package and then review the AKS release notes for the updated package version that includes the fix:

    https://github.com/Azure/AKS/releases

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well. Feel free to reply with any other questions or concerns.

    Hope this helps!
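
The check described in the accepted answer (does the vendor have a fix, and does the installed package version already include it), applied to a batch of scanner findings. This is an added example, not part of either answer and not Prisma or AKS tooling; the record fields, package names, versions and CVE ids are constructed placeholders, and the `layer` field is an assumed way to separate node-image findings from workload-image findings.

```python
from collections import defaultdict

# Constructed sample findings. Field names are assumptions for this example,
# not Prisma's export format; CVE ids, packages and versions are placeholders.
FINDINGS = [
    {"cve": "CVE-0000-0001", "package": "pkg-a", "installed": "1.3.1", "fixed": "1.3.2", "layer": "workload"},
    {"cve": "CVE-0000-0001", "package": "pkg-a", "installed": "1.3.1", "fixed": "1.3.2", "layer": "workload"},  # duplicate row
    {"cve": "CVE-0000-0002", "package": "pkg-b", "installed": "2.10.0", "fixed": "2.9.4", "layer": "node"},
    {"cve": "CVE-0000-0003", "package": "pkg-c", "installed": "0.4.0", "fixed": None, "layer": "node"},
    {"cve": "CVE-0000-0004", "package": "pkg-d", "installed": "3.1.0", "fixed": "3.1.2", "layer": "node"},
]

def version_key(version):
    """Dotted numeric versions only; numeric compare so 2.10.0 sorts after 2.9.4."""
    return tuple(int(part) for part in version.split("."))

def triage(finding):
    """Return the follow-up action for one finding."""
    fixed = finding["fixed"]
    if fixed is None:
        return "wait-for-vendor-fix"           # no vendor release carries a fix yet
    if version_key(finding["installed"]) >= version_key(fixed):
        return "already-fixed-verify-scanner"  # installed version includes the fix
    if finding["layer"] == "node":
        return "upgrade-node-image"            # fix arrives with a newer node image
    return "rebuild-workload-image"            # fix is in the team's own image build

def triage_all(findings):
    """Deduplicate findings and group CVE ids by follow-up action."""
    seen = set()
    buckets = defaultdict(list)
    for f in findings:
        key = (f["cve"], f["package"], f["installed"], f["layer"])
        if key in seen:
            continue
        seen.add(key)
        buckets[triage(f)].append(f["cve"])
    return dict(buckets)

if __name__ == "__main__":
    for action, cves in sorted(triage_all(FINDINGS).items()):
        print(f"{action}: {', '.join(cves)}")
```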


1 additional answer

  1. PauloMatos 170 Reputation points
    2023-03-06T21:48:57.1366667+00:00

    Hello,

    https://go-review.googlesource.com/c/crypto/+/278852

    Fixes CVE-2020-29652

    https://security.netapp.com/advisory/ntap-20210219-0006/

    see remediation

    Fixes CVE-2021-3121

    https://github.com/kubernetes/kubernetes/issues/92315

    Fixes CVE-2020-8558

    You can find fixes to the other vulnerabilities in:

    https://www.cve.org

    I hope it helps

    Paulo Matos

