Debian Temporary Vulnerability Showing In Scan Results

[amitverse]

Description

While scanning debian:10 image, I see vulnerability:TEMP-0517018-A83CE6 in my scan results.

But if I see here https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6. Debian vendor says it's a
Automatically generated temporary name. Not for external reference. So this vulnerability should not appear in scan results.

Desired Behavior

TEMP-0517018-A83CE6 shouldn't be shown in scan results as per debian vendor

Actual Behavior

TEMP-0517018-A83CE6 is shown in scan results

Reproduction Steps

1.Scan 
2.And check the scan results
...

Target

None

Scanner

None

Output Format

None

Mode

None

Debug Output

2024-08-01T15:46:15+05:30	DEBUG	Cache dir	dir="/Users/amitbhardwaj/Library/Caches/trivy"
2024-08-01T15:46:15+05:30	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-08-01T15:46:15+05:30	DEBUG	Ignore statuses	statuses=[]
2024-08-01T15:46:15+05:30	DEBUG	DB update was skipped because the local DB is the latest
2024-08-01T15:46:15+05:30	DEBUG	DB info	schema=2 updated_at=2024-08-01T06:12:55.53001753Z next_update=2024-08-01T12:12:55.5300173Z downloaded_at=2024-08-01T09:32:05.114041Z
2024-08-01T15:46:15+05:30	DEBUG	[pkg] Package types	types=[os library]
2024-08-01T15:46:15+05:30	DEBUG	[pkg] Package relationships	relationships=[unknown root direct indirect]
2024-08-01T15:46:15+05:30	INFO	[vuln] Vulnerability scanning is enabled
2024-08-01T15:46:15+05:30	INFO	[secret] Secret scanning is enabled
2024-08-01T15:46:15+05:30	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-01T15:46:15+05:30	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-01T15:46:15+05:30	DEBUG	Enabling misconfiguration scanners	scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-08-01T15:46:15+05:30	DEBUG	Initializing scan cache...	type="fs"
2024-08-01T15:46:19+05:30	DEBUG	[secret] No secret config detected	config_path="trivy-secret.yaml"
2024-08-01T15:46:19+05:30	DEBUG	[secret] No secret config detected	config_path="trivy-secret.yaml"
2024-08-01T15:46:21+05:30	DEBUG	[image] Detected image ID	image_id="sha256:69530eaa9e7e18d0aad40c38b75a22b40c6ebdc374c059bd5f2eb07042caa50a"
2024-08-01T15:46:21+05:30	DEBUG	[image] Detected diff ID	diff_ids=[sha256:19b1230ac19da0b27c923fa01d30578f13ca2b309e8b25f04023e433df628c70]
2024-08-01T15:46:21+05:30	DEBUG	[image] Detected base layers	diff_ids=[]
2024-08-01T15:46:21+05:30	INFO	Detected OS	family="debian" version="10.13"
2024-08-01T15:46:21+05:30	INFO	[debian] Detecting vulnerabilities...	os_version="10" pkg_num=91
2024-08-01T15:46:21+05:30	INFO	Number of language-specific files	num=0
2024-08-01T15:46:21+05:30	WARN	Using severities from other vendors for some vulnerabilities. Read https://aquasecurity.github.io/trivy/v0.54/docs/scanner/vulnerability#severity-selection for details.
2024-08-01T15:46:21+05:30	WARN	This OS version is no longer supported by the distribution	family="debian" version="10.13"
2024-08-01T15:46:21+05:30	WARN	The vulnerability detection may be insufficient because security updates are not provided
2024-08-01T15:46:21+05:30	DEBUG	[vex] VEX filtering is disabled

Operating System

macOS-64bit (arm64)

Version

trivy version 0.54.1

Checklist

• Run trivy clean --all
• Read the troubleshooting