CVE-2023-38408 is not found on any images that other scanners show have it

[danekantner]

CVE-2023-38408 is not found on any images that other scanners (Google's own container registry scanner, Orca) show have it

us.gcr.io/tempus-container-registry/cert-manager-identity-sidecar:latest is a public image flagged by other scanners as having CVE-2023-38408 but nothing it is not reported on when scanned. The image apt list results show it is installed w/ the vulnerable version: openssh-client/now 1:8.4p1-5+deb11u1 amd64 [installed,local] as listed on the Debian page for the CVE.