Loading...

XML

Word

Printable

Type: Ticket
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- reported-by-customer

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False

Risk Probability:
Very Likely
Risk Score:
0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Why need this Task?

I am seeing inconsistencies in vulnerability data.

Description:

I am having trouble understanding the vulnerability data reported for UBI Images.
Let's take this example:

UBI10 Minimal base image (10.0-1755721767): registry.access.redhat.com/ubi10/ubi-minimal:10.0-1755721767
This image contains the coreutils-9.5-6.el10 package
According to the VEX file https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json, coreutils-9.5-6.el10 is vulnerable to CVE-2025-5278.
But according to the Red Hat Container Catalog https://catalog.redhat.com/en/software/containers/ubi10/ubi-minimal/66f1504a379b9c2cf23e145c#security, this image does not have any unfixed vulnerability.

Is there a different source for UBI vulnerabilities that I should be aware of? Or are there any indications that could help me understand how I can properly report vulnerabilities for UBI images?

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Screenshot 2026-01-12 at 8.52.42 AM.png
245 kB
2026/01/12 4:54 PM

Assignee:: Unassigned

Reporter:: Marian Corneci

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2026/01/12 3:38 PM

Updated:: 2026/01/13 10:03 PM

Resolved:: 2026/01/13 10:03 PM

Details

Description

Attachments

Attachments

Easy Agile Planning Poker

Activity

People

Dates