Bug
Resolution: Not a Bug
Major
clair-4.7.2, quay-v3.10.3
Description:
This is an issue found in Quay 3.10.3: after pushing an image with various Critical/High image vulnerabilities from Microsoft CBL Mariner to Quay, Quay can't scan and report all image vulnerabilities on the Quay Console.
Quay: 3.10.3
Clair: 4.7.2
Test image:
https://mcr.microsoft.com/en-us/product/cbl-mariner/base/rust/tags
mcr.microsoft.com/cbl-mariner/base/rust:1.59.0-1-cm2.0.20220804-amd64
Quay 3.10.3 can't scan and report all image vulnerabilities of Microsoft CBL Mariner:
grype mcr.microsoft.com/cbl-mariner/base/rust:1.59.0-1-cm2.0.20220804-amd64 --scope all-layers
✔ Vulnerability DB [no update available]
✔ Loaded image mcr.microsoft.com/cbl-mariner/base/rust:1.59.0-1-cm2.0.20220804-amd64
✔ Parsed image sha256:6fd86e52a6c8d3e1f272526b9f6e23d0d1f65cfd9a583e2c2a4784df35b1ac07
✔ Cataloged contents 30eb89ab2735154bef71b3e68975fef15b39e9f709c22423db77083650c3937c
├── ✔ Packages [350 packages]
├── ✔ File digests [45,884 files]
└── ✔ File metadata [45,884 locations]
✔ Scanned for vulnerabilities [146 vulnerability matches]
├── by severity: 13 critical, 48 high, 80 medium, 5 low, 0 negligible
└── by status: 133 fixed, 13 not-fixed, 0 ignored
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
Pygments 2.4.2 2.7.4 python GHSA-pq64-v7f5-gqh8 High
Pygments 2.4.2 2.7.4 python GHSA-9w8r-397f-prfh High
Pygments 2.4.2 2.15.0 python GHSA-mrwq-x4v8-fh7p Medium
binutils 2.37-3.cm2 rpm CVE-2023-22609 Medium
binutils 2.37-3.cm2 rpm CVE-2023-22607 Medium
binutils 2.37-3.cm2 rpm CVE-2023-22606 Medium
binutils 2.37-3.cm2 rpm CVE-2023-22605 Medium
binutils 2.37-3.cm2 rpm CVE-2023-22604 Medium
binutils 2.37-3.cm2 rpm CVE-2023-22603 Medium
binutils 2.37-3.cm2 0:2.37-5.cm2 rpm CVE-2022-4285 Medium
binutils 2.37-3.cm2 0:2.37-4.cm2 rpm CVE-2022-38533 Medium
binutils-devel 2.37-3.cm2 rpm CVE-2023-22609 Medium
binutils-devel 2.37-3.cm2 rpm CVE-2023-22607 Medium
binutils-devel 2.37-3.cm2 rpm CVE-2023-22606 Medium
binutils-devel 2.37-3.cm2 rpm CVE-2023-22605 Medium
binutils-devel 2.37-3.cm2 rpm CVE-2023-22604 Medium
binutils-devel 2.37-3.cm2 rpm CVE-2023-22603 Medium
binutils-devel 2.37-3.cm2 0:2.37-5.cm2 rpm CVE-2022-4285 Medium
binutils-devel 2.37-3.cm2 0:2.37-4.cm2 rpm CVE-2022-38533 Medium
curl 7.84.0-1.cm2 0:8.3.0-2.cm2 rpm CVE-2023-38545 Critical
curl 7.84.0-1.cm2 0:7.86.0-1.cm2 rpm CVE-2022-42915 Critical
curl 7.84.0-1.cm2 0:8.2.1-1.cm2 rpm CVE-2023-28319 High
curl 7.84.0-1.cm2 0:7.86.0-2.cm2 rpm CVE-2022-43551 High
curl 7.84.0-1.cm2 0:7.86.0-1.cm2 rpm CVE-2022-42916 High
curl 7.84.0-1.cm2 0:8.5.0-1.cm2 rpm CVE-2023-46219 Medium
curl 7.84.0-1.cm2 0:8.5.0-1.cm2 rpm CVE-2023-46218 Medium
curl 7.84.0-1.cm2 0:8.2.1-1.cm2 rpm CVE-2023-28321 Medium
curl 7.84.0-1.cm2 0:8.2.1-1.cm2 rpm CVE-2023-28320 Medium
curl 7.84.0-1.cm2 0:8.3.0-2.cm2 rpm CVE-2023-38546 Low
curl 7.84.0-1.cm2 0:7.86.0-1.cm2 rpm CVE-2022-35252 Low
curl-libs 7.84.0-1.cm2 0:8.3.0-2.cm2 rpm CVE-2023-38545 Critical
curl-libs 7.84.0-1.cm2 0:7.86.0-1.cm2 rpm CVE-2022-42915 Critical
curl-libs 7.84.0-1.cm2 0:8.2.1-1.cm2 rpm CVE-2023-28319 High
curl-libs 7.84.0-1.cm2 0:7.86.0-2.cm2 rpm CVE-2022-43551 High
curl-libs 7.84.0-1.cm2 0:7.86.0-1.cm2 rpm CVE-2022-42916 High
curl-libs 7.84.0-1.cm2 0:8.5.0-1.cm2 rpm CVE-2023-46219 Medium
curl-libs 7.84.0-1.cm2 0:8.5.0-1.cm2 rpm CVE-2023-46218 Medium
curl-libs 7.84.0-1.cm2 0:8.2.1-1.cm2 rpm CVE-2023-28321 Medium
curl-libs 7.84.0-1.cm2 0:8.2.1-1.cm2 rpm CVE-2023-28320 Medium
curl-libs 7.84.0-1.cm2 0:8.3.0-2.cm2 rpm CVE-2023-38546 Low
curl-libs 7.84.0-1.cm2 0:7.86.0-1.cm2 rpm CVE-2022-35252 Low
e2fsprogs-libs 1.46.5-2.cm2 0:1.46.5-3.cm2 rpm CVE-2022-1304 High
expat 2.4.8-1.cm2 0:2.4.8-2.cm2 rpm CVE-2022-40674 Critical
expat 2.4.8-1.cm2 0:2.5.0-1.cm2 rpm CVE-2022-43680 High
expat-libs 2.4.8-1.cm2 0:2.4.8-2.cm2 rpm CVE-2022-40674 Critical
expat-libs 2.4.8-1.cm2 0:2.5.0-1.cm2 rpm CVE-2022-43680 High
gawk 5.1.0-2.cm2 0:5.1.1-1.cm2 rpm CVE-2023-4156 Medium
gcc 11.2.0-2.cm2 0:11.2.0-6.cm2 rpm CVE-2023-4039 Medium
gcc-c++ 11.2.0-2.cm2 0:11.2.0-6.cm2 rpm CVE-2023-4039 Medium
glibc 2.35-2.cm2 0:2.35-6.cm2 rpm CVE-2023-5156 High
glibc 2.35-2.cm2 0:2.35-5.cm2 rpm CVE-2023-4911 High
glibc 2.35-2.cm2 0:2.35-6.cm2 rpm CVE-2023-4806 Medium
glibc-devel 2.35-2.cm2 0:2.35-6.cm2 rpm CVE-2023-5156 High
glibc-devel 2.35-2.cm2 0:2.35-5.cm2 rpm CVE-2023-4911 High
glibc-devel 2.35-2.cm2 0:2.35-6.cm2 rpm CVE-2023-4806 Medium
gnupg2 2.3.3-3.cm2 0:2.4.0-1.cm2 rpm CVE-2022-3515 Critical
gnupg2 2.3.3-3.cm2 0:2.3.7-1.cm2 rpm CVE-2022-34903 Medium
gzip 1.11-1.cm2 0:1.12-1.cm2 rpm CVE-2022-1271 High
json-c 0.15-1.cm2 0:0.15-2.cm2 rpm CVE-2021-32292 Critical
krb5 1.19.3-1.cm2 0:1.19.4-2.cm2 rpm CVE-2023-36054 Medium
libarchive 3.6.1-1.cm2 0:3.6.1-2.cm2 rpm CVE-2022-36227 Critical
libcap 2.60-1.cm2 0:2.60-2.cm2 rpm CVE-2023-2603 High
libcap 2.60-1.cm2 0:2.60-2.cm2 rpm CVE-2023-2602 Low
libgcc 11.2.0-2.cm2 0:11.2.0-6.cm2 rpm CVE-2023-4039 Medium
libgcc-atomic 11.2.0-2.cm2 0:11.2.0-6.cm2 rpm CVE-2023-4039 Medium
libgcc-devel 11.2.0-2.cm2 0:11.2.0-6.cm2 rpm CVE-2023-4039 Medium
libgomp 11.2.0-2.cm2 0:11.2.0-6.cm2 rpm CVE-2023-4039 Medium
libgomp-devel 11.2.0-2.cm2 0:11.2.0-6.cm2 rpm CVE-2023-4039 Medium
libksba 1.6.0-1.cm2 0:1.6.3-1.cm2 rpm CVE-2022-47629 Critical
libpkgconf 1.8.0-2.cm2 0:1.8.0-3.cm2 rpm CVE-2023-24056 Medium
libssh2 1.9.0-2.cm2 0:1.9.0-3.cm2 rpm CVE-2020-22218 High
libstdc++ 11.2.0-2.cm2 0:11.2.0-6.cm2 rpm CVE-2023-4039 Medium
libstdc++-devel 11.2.0-2.cm2 0:11.2.0-6.cm2 rpm CVE-2023-4039 Medium
libtasn1 4.18.0-2.cm2 0:4.19.0-1.cm2 rpm CVE-2021-46848 Critical
libxml2 2.9.14-1.cm2 0:2.10.3-1.cm2 rpm CVE-2022-40304 High
libxml2 2.9.14-1.cm2 0:2.10.3-1.cm2 rpm CVE-2022-40303 High
libxml2 2.9.14-1.cm2 0:2.10.0-1.cm2 rpm CVE-2022-2309 High
libxml2 2.9.14-1.cm2 0:2.10.4-2.cm2 rpm CVE-2023-45322 Medium
libxml2 2.9.14-1.cm2 0:2.10.4-1.cm2 rpm CVE-2023-29469 Medium
libxml2 2.9.14-1.cm2 0:2.10.4-1.cm2 rpm CVE-2023-28484 Medium
libxml2 2.9.14-1.cm2 0:2.10.4-1.cm2 rpm CVE-2016-3709 Medium
libxml2-devel 2.9.14-1.cm2 0:2.10.3-1.cm2 rpm CVE-2022-40304 High
libxml2-devel 2.9.14-1.cm2 0:2.10.3-1.cm2 rpm CVE-2022-40303 High
libxml2-devel 2.9.14-1.cm2 0:2.10.0-1.cm2 rpm CVE-2022-2309 High
libxml2-devel 2.9.14-1.cm2 0:2.10.4-2.cm2 rpm CVE-2023-45322 Medium
libxml2-devel 2.9.14-1.cm2 0:2.10.4-1.cm2 rpm CVE-2023-29469 Medium
libxml2-devel 2.9.14-1.cm2 0:2.10.4-1.cm2 rpm CVE-2023-28484 Medium
libxml2-devel 2.9.14-1.cm2 0:2.10.4-1.cm2 rpm CVE-2016-3709 Medium
lua-libs 5.4.3-4.cm2 0:5.4.3-5.cm2 rpm CVE-2021-45985 High
lua-libs 5.4.3-4.cm2 0:5.4.4-1.cm2 rpm CVE-2021-44964 Medium
lxml 4.8.0 4.9.1 python GHSA-wrxv-2j5q-m38w Medium
ncurses 6.3-1.cm2 0:6.4-1.cm2 rpm CVE-2023-29491 High
ncurses 6.3-1.cm2 0:6.3-2.cm2 rpm CVE-2022-29458 High
ncurses-libs 6.3-1.cm2 0:6.4-1.cm2 rpm CVE-2023-29491 High
ncurses-libs 6.3-1.cm2 0:6.3-2.cm2 rpm CVE-2022-29458 High
openssl 1.1.1k-19.cm2 0:1.1.1k-21.cm2 rpm CVE-2023-0286 High
openssl 1.1.1k-19.cm2 0:1.1.1k-26.cm2 rpm CVE-2023-3817 Medium
openssl 1.1.1k-19.cm2 0:1.1.1k-25.cm2 rpm CVE-2023-2650 Medium
openssl 1.1.1k-19.cm2 0:1.1.1k-23.cm2 rpm CVE-2023-0466 Medium
openssl 1.1.1k-19.cm2 0:1.1.1k-23.cm2 rpm CVE-2023-0465 Medium
openssl 1.1.1k-19.cm2 0:1.1.1k-20.cm2 rpm CVE-2022-2097 Medium
openssl-libs 1.1.1k-19.cm2 0:1.1.1k-21.cm2 rpm CVE-2023-0286 High
openssl-libs 1.1.1k-19.cm2 0:1.1.1k-26.cm2 rpm CVE-2023-3817 Medium
openssl-libs 1.1.1k-19.cm2 0:1.1.1k-25.cm2 rpm CVE-2023-2650 Medium
openssl-libs 1.1.1k-19.cm2 0:1.1.1k-23.cm2 rpm CVE-2023-0466 Medium
openssl-libs 1.1.1k-19.cm2 0:1.1.1k-23.cm2 rpm CVE-2023-0465 Medium
openssl-libs 1.1.1k-19.cm2 0:1.1.1k-20.cm2 rpm CVE-2022-2097 Medium
patch 2.7.6-7.cm2 rpm CVE-2019-20633 Medium
pkgconf 1.8.0-2.cm2 0:1.8.0-3.cm2 rpm CVE-2023-24056 Medium
pkgconf-m4 1.8.0-2.cm2 0:1.8.0-3.cm2 rpm CVE-2023-24056 Medium
pkgconf-pkg-config 1.8.0-2.cm2 0:1.8.0-3.cm2 rpm CVE-2023-24056 Medium
python3 3.9.13-3.cm2 0:3.9.14-8.cm2 rpm CVE-2023-24329 High
python3 3.9.13-3.cm2 0:3.9.14-5.cm2 rpm CVE-2022-45061 High
python3 3.9.13-3.cm2 0:3.9.14-5.cm2 rpm CVE-2022-42919 High
python3 3.9.13-3.cm2 0:3.9.13-5.cm2 rpm CVE-2015-20107 High
python3-libs 3.9.13-3.cm2 0:3.9.14-8.cm2 rpm CVE-2023-24329 High
python3-libs 3.9.13-3.cm2 0:3.9.14-5.cm2 rpm CVE-2022-45061 High
python3-libs 3.9.13-3.cm2 0:3.9.14-5.cm2 rpm CVE-2022-42919 High
python3-libs 3.9.13-3.cm2 0:3.9.13-5.cm2 rpm CVE-2015-20107 High
rpm 4.17.0-9.cm2 0:4.18.0-1.cm2 rpm CVE-2021-35939 High
rpm 4.17.0-9.cm2 0:4.18.0-1.cm2 rpm CVE-2021-35938 High
rpm 4.17.0-9.cm2 0:4.18.0-1.cm2 rpm CVE-2021-35937 Medium
rpm 4.17.0-9.cm2 0:4.18.0-1.cm2 rpm CVE-2021-3521 Medium
rpm-libs 4.17.0-9.cm2 0:4.18.0-1.cm2 rpm CVE-2021-35939 High
rpm-libs 4.17.0-9.cm2 0:4.18.0-1.cm2 rpm CVE-2021-35938 High
rpm-libs 4.17.0-9.cm2 0:4.18.0-1.cm2 rpm CVE-2021-35937 Medium
rpm-libs 4.17.0-9.cm2 0:4.18.0-1.cm2 rpm CVE-2021-3521 Medium
rust 1.59.0-1.cm2 0:1.72.0-2.cm2 rpm CVE-2023-38497 High
rust 1.59.0-1.cm2 0:1.68.0-1.cm2 rpm CVE-2023-0464 High
rust 1.59.0-1.cm2 0:1.72.0-2.cm2 rpm CVE-2023-40030 Medium
rust 1.59.0-1.cm2 0:1.72.0-2.cm2 rpm CVE-2023-32001 Medium
rust 1.59.0-1.cm2 0:1.72.0-2.cm2 rpm CVE-2023-29932 Medium
rust 1.59.0-1.cm2 0:1.68.2-2.cm2 rpm CVE-2023-27477 Medium
rust 1.59.0-1.cm2 0:1.68.2-1.cm2 rpm CVE-2022-46176 Medium
sqlite-libs 3.36.0-3.cm2 0:3.39.2-2.cm2 rpm CVE-2022-46908 High
sqlite-libs 3.36.0-3.cm2 0:3.39.2-1.cm2 rpm CVE-2022-35737 High
sqlite-libs 3.36.0-3.cm2 0:3.39.2-3.cm2 rpm CVE-2023-7104 Medium
systemd 250.3-6.cm2 0:250.3-12.cm2 rpm CVE-2022-45873 Medium
systemd 250.3-6.cm2 0:250.3-13.cm2 rpm CVE-2022-4415 Medium
systemd 250.3-6.cm2 0:250.3-10.cm2 rpm CVE-2022-3821 Medium
systemd-rpm-macros 250.3-6.cm2 0:250.3-12.cm2 rpm CVE-2022-45873 Medium
systemd-rpm-macros 250.3-6.cm2 0:250.3-13.cm2 rpm CVE-2022-4415 Medium
systemd-rpm-macros 250.3-6.cm2 0:250.3-10.cm2 rpm CVE-2022-3821 Medium
xalan 2.7.2 2.7.3 java-archive GHSA-9339-86wc-4qgf High
zlib 1.2.12-1.cm2 0:1.2.12-2.cm2 rpm CVE-2022-37434 Critical
zlib-devel 1.2.12-1.cm2 0:1.2.12-2.cm2 rpm CVE-2022-37434 Critical
relates to
CLAIRDEV-40 jar: support "package" jars
Refinement