Description:
This is an issue found in Quay 3.10.3 with the managed Clair component. After pushing a SUSE Linux image with various vulnerabilities to Quay, I found that the Quay Console can only report 1 image vulnerability; most of the vulnerabilities are not reported on the Quay Console. See the whole list below; please review this issue.
For example, these Critical vulnerabilities are not reported by Clair:
libksba8 1.3.5-2.14 0:1.3.5-150000.4.3.1 rpm CVE-2022-3515 Critical
libldap-2_4-2 2.4.46-9.51.1 0:2.4.46-150200.14.8.1 rpm CVE-2022-29155 Critical
libldap-data 2.4.46-9.51.1 0:2.4.46-150200.14.8.1 rpm CVE-2022-29155 Critical
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-11.27.1 rpm CVE-2021-3711 Critical
libtasn1 4.13-4.5.1 0:4.13-150000.4.8.1 rpm CVE-2021-46848 Critical
libtasn1-6 4.13-4.5.1 0:4.13-150000.4.8.1 rpm CVE-2021-46848 Critical
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-11.27.1 rpm CVE-2021-3711 Critical
Quay: 3.10.3
Clair: 4.7.2
Test image: quay.io/lzha/quaydemo:suse
Quay 3.10.3 can't scan and report all image vulnerabilities of SUSE Linux:
The following image vulnerabilities of SUSE Linux should be scanned and reported:
grype quay.io/lzha/quaydemo:suse --scope all-layers
✔ Vulnerability DB [updated]
✔ Loaded image quay.io/lzha/quaydemo:suse
✔ Parsed image sha256:29db5464de2dc3cb69fdde6ad0839363ef1bc97d790c0e5742e05bf862c0b592
✔ Cataloged contents 9a7481a0fdfa816ad8d8bcee5ee2dd406c00ebc05aa060a37f28fe67e6a5a195
├── ✔ Packages [124 packages]
├── ✔ File digests [1,350 files]
└── ✔ File metadata [1,350 locations]
✔ Scanned for vulnerabilities [154 vulnerability matches]
├── by severity: 7 critical, 54 high, 84 medium, 9 low, 0 negligible
└── by status: 154 fixed, 0 not-fixed, 0 ignored
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
container-suseconnect 2.3.0-4.15.2 0:2.4.0-150000.4.24.1 rpm CVE-2023-24532 High
container-suseconnect 2.3.0-4.15.2 0:2.4.0-150000.4.24.1 rpm CVE-2022-41724 High
container-suseconnect 2.3.0-4.15.2 0:2.4.0-150000.4.24.1 rpm CVE-2022-41723 High
container-suseconnect 2.3.0-4.15.2 0:2.4.0-150000.4.24.1 rpm CVE-2022-41720 High
container-suseconnect 2.3.0-4.15.2 0:2.4.0-150000.4.24.1 rpm CVE-2022-41725 Medium
cpio 2.12-3.3.1 0:2.12-3.9.1 rpm CVE-2021-38185 High
glibc 2.26-13.56.1 0:2.26-13.65.1 rpm CVE-2021-3999 High
glibc 2.26-13.56.1 0:2.26-150000.13.70.1 rpm CVE-2023-4813 Medium
glibc 2.26-13.56.1 0:2.26-13.65.1 rpm CVE-2022-23219 Medium
glibc 2.26-13.56.1 0:2.26-13.65.1 rpm CVE-2022-23218 Medium
glibc 2.26-13.56.1 0:2.26-13.65.1 rpm CVE-2015-8985 Medium
gpg2 2.2.5-4.14.4 0:2.2.5-150000.4.22.1 rpm CVE-2022-34903 Medium
krb5 1.16.3-3.15.1 0:1.16.3-150100.3.30.1 rpm CVE-2023-36054 High
krb5 1.16.3-3.15.1 0:1.16.3-150100.3.27.1 rpm CVE-2022-42898 Medium
libblkid1 2.33.1-4.13.1 0:2.33.2-4.16.1 rpm CVE-2021-37600 Medium
libcom_err2 1.43.8-4.23.1 0:1.43.8-150000.4.33.1 rpm CVE-2022-1304 Medium
libcurl4 7.66.0-4.14.1 0:7.66.0-150200.4.57.1 rpm CVE-2023-28322 High
libcurl4 7.66.0-4.14.1 0:7.66.0-150200.4.42.1 rpm CVE-2022-32221 High
libcurl4 7.66.0-4.14.1 0:7.66.0-150200.4.33.1 rpm CVE-2022-27782 High
libcurl4 7.66.0-4.14.1 0:7.66.0-150200.4.57.1 rpm CVE-2023-28321 Medium
libcurl4 7.66.0-4.14.1 0:7.66.0-150200.4.36.1 rpm CVE-2022-32208 Medium
libcurl4 7.66.0-4.14.1 0:7.66.0-150200.4.36.1 rpm CVE-2022-32206 Medium
libcurl4 7.66.0-4.14.1 0:7.66.0-4.27.1 rpm CVE-2021-22947 Medium
libcurl4 7.66.0-4.14.1 0:7.66.0-4.27.1 rpm CVE-2021-22946 Medium
libcurl4 7.66.0-4.14.1 0:7.66.0-4.22.1 rpm CVE-2021-22925 Medium
libcurl4 7.66.0-4.14.1 0:7.66.0-4.22.1 rpm CVE-2021-22924 Medium
libcurl4 7.66.0-4.14.1 0:7.66.0-4.22.1 rpm CVE-2021-22923 Medium
libcurl4 7.66.0-4.14.1 0:7.66.0-4.22.1 rpm CVE-2021-22922 Medium
libcurl4 7.66.0-4.14.1 0:7.66.0-4.17.1 rpm CVE-2021-22898 Medium
libcurl4 7.66.0-4.14.1 0:7.66.0-150200.4.57.1 rpm CVE-2023-28320 Low
libcurl4 7.66.0-4.14.1 0:7.66.0-150200.4.33.1 rpm CVE-2022-27781 Low
libfdisk1 2.33.1-4.13.1 0:2.33.2-4.16.1 rpm CVE-2021-37600 Medium
libgcc_s1 10.2.1+git583-1.3.4 0:13.2.1+git7813-150000.1.6.1 rpm CVE-2023-4039 High
libgcrypt20 1.8.2-8.36.1 0:1.8.2-8.39.1 rpm CVE-2021-33560 High
libglib-2_0-0 2.62.6-3.6.1 0:2.62.6-150200.3.10.1 rpm CVE-2021-28153 Low
libgnutls30 3.6.7-14.10.2 0:3.6.7-150200.14.19.2 rpm CVE-2022-2509 High
libgnutls30 3.6.7-14.10.2 0:3.6.7-150200.14.28.1 rpm CVE-2023-5981 Medium
libhogweed4 3.4.1-4.12.1 0:3.4.1-4.18.1 rpm CVE-2021-3580 High
libhogweed4 3.4.1-4.12.1 0:3.4.1-4.15.1 rpm CVE-2021-20305 High
libksba8 1.3.5-2.14 0:1.3.5-150000.4.3.1 rpm CVE-2022-3515 Critical
libksba8 1.3.5-2.14 0:1.3.5-150000.4.6.1 rpm CVE-2022-47629 High
libldap-2_4-2 2.4.46-9.51.1 0:2.4.46-150200.14.8.1 rpm CVE-2022-29155 Critical
libldap-data 2.4.46-9.51.1 0:2.4.46-150200.14.8.1 rpm CVE-2022-29155 Critical
liblua5_3-5 5.3.4-3.3.2 0:5.3.6-3.6.1 rpm CVE-2020-24371 Medium
liblua5_3-5 5.3.4-3.3.2 0:5.3.6-3.6.1 rpm CVE-2020-24370 Low
liblz4-1 1.8.0-3.5.1 0:1.8.0-3.8.1 rpm CVE-2021-3520 High
liblzma5 5.2.3-4.3.1 0:5.2.3-150000.4.7.1 rpm CVE-2022-1271 High
libmount1 2.33.1-4.13.1 0:2.33.2-4.16.1 rpm CVE-2021-37600 Medium
libnettle6 3.4.1-4.12.1 0:3.4.1-4.18.1 rpm CVE-2021-3580 High
libnettle6 3.4.1-4.12.1 0:3.4.1-4.15.1 rpm CVE-2021-20305 High
libnghttp2-14 1.40.0-3.5.1 0:1.40.0-150200.12.1 rpm CVE-2023-44487 High
libnghttp2-14 1.40.0-3.5.1 0:1.40.0-150200.9.1 rpm CVE-2023-35945 High
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-11.27.1 rpm CVE-2021-3711 Critical
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.82.1 rpm CVE-2023-5678 High
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.57.1 rpm CVE-2023-0286 High
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.51.1 rpm CVE-2022-2097 High
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-11.43.1 rpm CVE-2022-0778 High
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.75.1 rpm CVE-2023-3817 Medium
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.72.1 rpm CVE-2023-3446 Medium
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.65.1 rpm CVE-2023-2650 Medium
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.62.1 rpm CVE-2023-0466 Medium
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.62.1 rpm CVE-2023-0465 Medium
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.62.1 rpm CVE-2023-0464 Medium
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.57.1 rpm CVE-2023-0215 Medium
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.57.1 rpm CVE-2022-4450 Medium
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.72.1 rpm CVE-2022-4304 Medium
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.48.1 rpm CVE-2022-2068 Medium
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.48.1 rpm CVE-2022-1292 Medium
libopenssl1_1 1.1.1d-11.20.1 0:1.1.1d-11.30.1 rpm CVE-2021-3712 Medium
libp11-kit0 0.23.2-4.8.3 0:0.23.2-4.13.1 rpm CVE-2020-29361 High
libpcre1 8.41-4.20 0:8.45-150000.20.13.1 rpm CVE-2022-1586 High
libpcre1 8.41-4.20 0:8.45-20.10.1 rpm CVE-2019-20838 High
libpcre1 8.41-4.20 0:8.45-20.10.1 rpm CVE-2020-14155 Medium
libsasl2-3 2.1.26-5.7.1 0:2.1.26-5.10.1 rpm CVE-2022-24407 High
libsasl2-3 2.1.26-5.7.1 0:2.1.26-150000.5.13.1 rpm CVE-2019-19906 High
libsmartcols1 2.33.1-4.13.1 0:2.33.2-4.16.1 rpm CVE-2021-37600 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.44.0-150000.3.23.1 rpm CVE-2023-2137 High
libsqlite3-0 3.28.0-3.9.2 0:3.39.3-150000.3.20.1 rpm CVE-2022-46908 High
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2020-13435 High
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-20218 High
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-19926 High
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-19880 High
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-19603 High
libsqlite3-0 3.28.0-3.9.2 0:3.39.3-150000.3.17.1 rpm CVE-2022-35737 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.39.3-150000.3.17.1 rpm CVE-2021-36690 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2020-9327 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2020-15358 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2020-13632 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2020-13631 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2020-13630 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2020-13434 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-19959 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-19924 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-19923 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-19646 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-19645 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-19244 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2015-3415 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2015-3414 Medium
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-19925 Low
libsqlite3-0 3.28.0-3.9.2 0:3.36.0-3.12.1 rpm CVE-2019-19317 Low
libstdc++6 10.2.1+git583-1.3.4 0:13.2.1+git7813-150000.1.6.1 rpm CVE-2023-4039 High
libsystemd0 234-24.79.1 0:234-24.93.1 rpm CVE-2021-33910 Medium
libtasn1 4.13-4.5.1 0:4.13-150000.4.8.1 rpm CVE-2021-46848 Critical
libtasn1-6 4.13-4.5.1 0:4.13-150000.4.8.1 rpm CVE-2021-46848 Critical
libtirpc-netconfig 1.0.2-3.8.1 0:1.0.2-150000.3.18.1 rpm CVE-2021-46828 High
libtirpc3 1.0.2-3.8.1 0:1.0.2-150000.3.18.1 rpm CVE-2021-46828 High
libudev1 234-24.79.1 0:234-24.93.1 rpm CVE-2021-33910 Medium
libuuid1 2.33.1-4.13.1 0:2.33.2-4.16.1 rpm CVE-2021-37600 Medium
libxml2-2 2.9.7-3.28.1 0:2.9.7-150000.3.51.1 rpm CVE-2022-40304 High
libxml2-2 2.9.7-3.28.1 0:2.9.7-150000.3.51.1 rpm CVE-2022-40303 High
libxml2-2 2.9.7-3.28.1 0:2.9.7-150000.3.57.1 rpm CVE-2022-29824 High
libxml2-2 2.9.7-3.28.1 0:2.9.7-3.34.1 rpm CVE-2021-3537 High
libxml2-2 2.9.7-3.28.1 0:2.9.7-3.34.1 rpm CVE-2021-3517 High
libxml2-2 2.9.7-3.28.1 0:2.9.7-150000.3.60.1 rpm CVE-2023-39615 Medium
libxml2-2 2.9.7-3.28.1 0:2.9.7-150000.3.57.1 rpm CVE-2023-29469 Medium
libxml2-2 2.9.7-3.28.1 0:2.9.7-150000.3.57.1 rpm CVE-2023-28484 Medium
libxml2-2 2.9.7-3.28.1 0:2.9.7-150000.3.46.1 rpm CVE-2022-23308 Medium
libxml2-2 2.9.7-3.28.1 0:2.9.7-3.37.1 rpm CVE-2021-3541 Medium
libxml2-2 2.9.7-3.28.1 0:2.9.7-3.34.1 rpm CVE-2021-3518 Medium
libxml2-2 2.9.7-3.28.1 0:2.9.7-3.34.1 rpm CVE-2021-3516 Medium
libxml2-2 2.9.7-3.28.1 0:2.9.7-150000.3.51.1 rpm CVE-2016-3709 Medium
libyaml-cpp0_6 0.6.1-4.2.1 0:0.6.1-4.5.1 rpm CVE-2019-6292 Medium
libyaml-cpp0_6 0.6.1-4.2.1 0:0.6.1-4.5.1 rpm CVE-2019-6285 Medium
libyaml-cpp0_6 0.6.1-4.2.1 0:0.6.1-4.5.1 rpm CVE-2018-20574 Medium
libyaml-cpp0_6 0.6.1-4.2.1 0:0.6.1-4.5.1 rpm CVE-2018-20573 Medium
libz1 1.2.11-3.21.1 0:1.2.11-150000.3.33.1 rpm CVE-2022-37434 High
libz1 1.2.11-3.21.1 0:1.2.11-150000.3.30.1 rpm CVE-2018-25032 High
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-11.27.1 rpm CVE-2021-3711 Critical
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.82.1 rpm CVE-2023-5678 High
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.57.1 rpm CVE-2023-0286 High
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.51.1 rpm CVE-2022-2097 High
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-11.43.1 rpm CVE-2022-0778 High
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.75.1 rpm CVE-2023-3817 Medium
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.72.1 rpm CVE-2023-3446 Medium
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.65.1 rpm CVE-2023-2650 Medium
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.62.1 rpm CVE-2023-0466 Medium
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.62.1 rpm CVE-2023-0465 Medium
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.62.1 rpm CVE-2023-0464 Medium
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.57.1 rpm CVE-2023-0215 Medium
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.57.1 rpm CVE-2022-4450 Medium
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.72.1 rpm CVE-2022-4304 Medium
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.48.1 rpm CVE-2022-2068 Medium
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-150200.11.48.1 rpm CVE-2022-1292 Medium
openssl-1_1 1.1.1d-11.20.1 0:1.1.1d-11.30.1 rpm CVE-2021-3712 Medium
p11-kit 0.23.2-4.8.3 0:0.23.2-4.13.1 rpm CVE-2020-29361 High
p11-kit-tools 0.23.2-4.8.3 0:0.23.2-4.13.1 rpm CVE-2020-29361 High
pam 1.3.0-6.29.1 0:1.3.0-150000.6.66.1 rpm CVE-2024-22365 Medium
rpm 4.14.1-20.3 0:4.14.1-22.4.2 rpm CVE-2021-3421 Medium
rpm 4.14.1-20.3 0:4.14.1-22.4.2 rpm CVE-2021-20271 Low
rpm 4.14.1-20.3 0:4.14.1-22.4.2 rpm CVE-2021-20266 Low
shadow 4.6-3.5.6 0:4.6-150100.3.8.1 rpm CVE-2023-29383 Medium
shadow 4.6-3.5.6 0:4.6-150100.3.11.1 rpm CVE-2023-4641 Low
util-linux 2.33.1-4.13.1 0:2.33.2-4.16.1 rpm CVE-2021-37600 Medium