Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-10131

ACS High Severity Violations - Fixable CVEs in PostgreSQL Images

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • quay-v3.16.1
    • quay
    • None

      Advanced Cluster Security (ACS) detected two High severity Vulnerability Management violations in Quay operator v3.16.1 deployment.

      Affected Deployments:

      1. quay-quay-database
      • Image: registry.redhat.io/rhel9/postgresql-13@sha256:5105fc7494c8e9886204951ea6eed0a04dcc638ea65a2e1c15df5ebf99aae356
      • Policy: Fixable Severity at least Important
      • Category: Vulnerability Management
      • Severity: High
      1. quay-clair-postgres
      • Image: registry.redhat.io/rhel9/postgresql-15@sha256:90ec347a35ab8a5d530c8d09f5347b13cc71df04f3b994bfa8b1a409b1171d59
      • Policy: Fixable Severity at least Important
      • Category: Vulnerability Management
      • Severity: High

      Environment:

      • Namespace: quay-enterprise
      • Quay Operator Version: v3.16.1
      • Detection Time: Jan 08, 2026 12:35 PM GMT+8

      Impact:
      Both PostgreSQL images contain fixable CVEs with Important or higher severity. This poses a security risk as patches are available but not applied.

      Recommended Action:
      Update Quay operator to use latest PostgreSQL images with security patches applied.

       

        1. image-2026-01-08-12-52-47-905.png
          502 kB
          Sean Zhao
        2. image-2026-01-08-12-54-10-802.png
          393 kB
          Sean Zhao
        3. image-2026-01-08-12-55-10-667.png
          342 kB
          Sean Zhao

              Unassigned Unassigned
              szhao@redhat.com Sean Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: