Project Quay / PROJQUAY-10037

Quay 3.14.6 HIGH Image vulnerability reported by Red Hat ACS


    • Bug
    • Resolution: Unresolved
    • Blocker
    • quay-v3.14.6
    • quay-operator

      Description:

      This is an issue found in Quay 3.14.6. After deploying Quay 3.14.6 with the Quay Operator, Red Hat ACS reported HIGH image vulnerabilities for the Quay Postgres database, the Clair Postgres database and Redis. Please review this issue.

      Quay 3.14.6:

      quay.io/redhat-user-workloads/quay-eng-tenant/stable-3-14-v4-20@sha256:f4067696293550d2ab31f98ada39afac6f65e109f1842dae619353b7912f99e2 

      Quay 3.14.6 Postgres Image:
      registry.redhat.io/rhel8/postgresql-13@sha256:05ebb5e22be17bd434277c4ea35031a4f7c07f7422a07ee15286407f25b072a0
       
      Clair Postgres Image:
      registry.redhat.io/rhel8/postgresql-13@sha256:05ebb5e22be17bd434277c4ea35031a4f7c07f7422a07ee15286407f25b072a0
       
      Redis Image:
      registry.redhat.io/rhel8/redis-6@sha256:cefc749916bb70a025acb560e3863e0593015832044b31d7e23e400e20b89bff

      Quay Database:

      Fixable CVE-2024-12718 (CVSS 7.6) (severity Important) found in component 'platform-python' (version 3.6.8-69.el8_10) in container 'postgres', resolved by version 0:3.6.8-70.el8_10
      
      Fixable CVE-2024-12718 (CVSS 7.6) (severity Important) found in component 'python3-libs' (version 3.6.8-69.el8_10) in container 'postgres', resolved by version 0:3.6.8-70.el8_10
      
      Fixable CVE-2025-40778 (CVSS 8.6) (severity Important) found in component 'bind-libs' (version 32:9.11.36-16.el8_10.4) in container 'postgres', resolved by version 32:9.11.36-16.el8_10.6
      
      Fixable CVE-2025-40778 (CVSS 8.6) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-16.el8_10.4) in container 'postgres', resolved by version 32:9.11.36-16.el8_10.6
      
      Fixable CVE-2025-40778 (CVSS 8.6) (severity Important) found in component 'bind-license' (version 32:9.11.36-16.el8_10.4) in container 'postgres', resolved by version 32:9.11.36-16.el8_10.6
      
      Fixable CVE-2025-40778 (CVSS 8.6) (severity Important) found in component 'bind-utils' (version 32:9.11.36-16.el8_10.4) in container 'postgres', resolved by version 32:9.11.36-16.el8_10.6
      
      Fixable CVE-2025-40778 (CVSS 8.6) (severity Important) found in component 'python3-bind' (version 32:9.11.36-16.el8_10.4) in container 'postgres', resolved by version 32:9.11.36-16.el8_10.6
      
      Fixable CVE-2025-4138 (CVSS 7.5) (severity Important) found in component 'platform-python' (version 3.6.8-69.el8_10) in container 'postgres', resolved by version 0:3.6.8-70.el8_10
      
      Fixable CVE-2025-4138 (CVSS 7.5) (severity Important) found in component 'python3-libs' (version 3.6.8-69.el8_10) in container 'postgres', resolved by version 0:3.6.8-70.el8_10
      
      Fixable CVE-2025-4517 (CVSS 7.6) (severity Important) found in component 'platform-python' (version 3.6.8-69.el8_10) in container 'postgres', resolved by version 0:3.6.8-70.el8_10
      
      Fixable CVE-2025-4517 (CVSS 7.6) (severity Important) found in component 'python3-libs' (version 3.6.8-69.el8_10) in container 'postgres', resolved by version 0:3.6.8-70.el8_10
      
      Fixable CVE-2025-49794 (CVSS 9.1) (severity Important) found in component 'libxml2' (version 2.9.7-20.el8_10) in container 'postgres', resolved by version 0:2.9.7-21.el8_10.1
      
      Fixable CVE-2025-49796 (CVSS 9.1) (severity Important) found in component 'libxml2' (version 2.9.7-20.el8_10) in container 'postgres', resolved by version 0:2.9.7-21.el8_10.1
      
      Fixable CVE-2025-5914 (CVSS 7.3) (severity Important) found in component 'bsdtar' (version 3.3.3-5.el8) in container 'postgres', resolved by version 0:3.3.3-6.el8_10

      Clair Database:

      Fixable CVE-2025-40778 (CVSS 8.6) (severity Important) found in component 'bind-libs' (version 32:9.11.36-16.el8_10.4) in container 'clair-postgres', resolved by version 32:9.11.36-16.el8_10.6  
      
      Fixable CVE-2025-40778 (CVSS 8.6) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-16.el8_10.4) in container 'clair-postgres', resolved by version 32:9.11.36-16.el8_10.6
      
      Fixable CVE-2025-40778 (CVSS 8.6) (severity Important) found in component 'bind-license' (version 32:9.11.36-16.el8_10.4) in container 'clair-postgres', resolved by version 32:9.11.36-16.el8_10.6
      
      Fixable CVE-2025-40778 (CVSS 8.6) (severity Important) found in component 'bind-utils' (version 32:9.11.36-16.el8_10.4) in container 'clair-postgres', resolved by version 32:9.11.36-16.el8_10.6
      
      Fixable CVE-2025-40778 (CVSS 8.6) (severity Important) found in component 'python3-bind' (version 32:9.11.36-16.el8_10.4) in container 'clair-postgres', resolved by version 32:9.11.36-16.el8_10.6
      
      Fixable CVE-2025-49794 (CVSS 9.1) (severity Important) found in component 'libxml2' (version 2.9.7-20.el8_10) in container 'clair-postgres', resolved by version 0:2.9.7-21.el8_10.1
      
      Fixable CVE-2025-49796 (CVSS 9.1) (severity Important) found in component 'libxml2' (version 2.9.7-20.el8_10) in container 'clair-postgres', resolved by version 0:2.9.7-21.el8_10.1
      
      Fixable CVE-2025-5914 (CVSS 7.3) (severity Important) found in component 'bsdtar' (version 3.3.3-5.el8) in container 'clair-postgres', resolved by version 0:3.3.3-6.el8_10
      
      Fixable CVE-2025-5914 (CVSS 7.3) (severity Important) found in component 'libarchive' (version 3.3.3-5.el8) in container 'clair-postgres', resolved by version 0:3.3.3-6.el8_10
      
      Fixable CVE-2025-6020 (CVSS 7.8) (severity Important) found in component 'pam' (version 1.3.1-37.el8_10) in container 'clair-postgres', resolved by version 0:1.3.1-38.el8_10
      
      Fixable CVE-2025-7425 (CVSS 7.8) (severity Important) found in component 'libxml2' (version 2.9.7-20.el8_10) in container 'clair-postgres', resolved by version 0:2.9.7-21.el8_10.2
      
      Fixable CVE-2025-8941 (CVSS 7.8) (severity Important) found in component 'pam' (version 1.3.1-37.el8_10) in container 'clair-postgres', resolved by version 0:1.3.1-38.el8_10  

      Redis:

      Fixable CVE-2025-49794 (CVSS 9.1) (severity Important) found in component 'libxml2' (version 2.9.7-20.el8_10) in container 'redis-master', resolved by version 0:2.9.7-21.el8_10.1
      
      Fixable CVE-2025-49796 (CVSS 9.1) (severity Important) found in component 'libxml2' (version 2.9.7-20.el8_10) in container 'redis-master', resolved by version 0:2.9.7-21.el8_10.1
      
      Fixable CVE-2025-5914 (CVSS 7.3) (severity Important) found in component 'bsdtar' (version 3.3.3-5.el8) in container 'redis-master', resolved by version 0:3.3.3-6.el8_10
      
      Fixable CVE-2025-5914 (CVSS 7.3) (severity Important) found in component 'libarchive' (version 3.3.3-5.el8) in container 'redis-master', resolved by version 0:3.3.3-6.el8_10
      
      Fixable CVE-2025-6020 (CVSS 7.8) (severity Important) found in component 'pam' (version 1.3.1-37.el8_10) in container 'redis-master', resolved by version 0:1.3.1-38.el8_10
      
      Fixable CVE-2025-7425 (CVSS 7.8) (severity Important) found in component 'libxml2' (version 2.9.7-20.el8_10) in container 'redis-master', resolved by version 0:2.9.7-21.el8_10.2
      
      Fixable CVE-2025-8941 (CVSS 7.8) (severity Important) found in component 'pam' (version 1.3.1-37.el8_10) in container 'redis-master', resolved by version 0:1.3.1-38.el8_10 

              Unassigned
              lzha1981 luffy zhang