The Clair vulnerability scanner's fetcher (libindex/fetcher.go:195-213) makes outbound HTTP GET requests to URIs specified in manifest layer descriptors without IP or scheme filtering. Authentication via PSK is opt-in (server.go:105) — if no PSK is configured, the indexer API is fully unauthenticated. An attacker can POST to /indexer/api/v1/index_report with a manifest containing a URI pointing to internal services or cloud metadata endpoints (e.g. 169.254.169.254). While digest validation prevents full response body exfiltration, the CheckResponse function in internal/httputil/responsechecker.go reflects the first 256 bytes of non-200 response bodies in error messages, making the SSRF reflective rather than blind. Content-Type headers and post-redirect URLs are also reflected. For operator-managed Quay deployments, the operator auto-generates a PSK (pkg/kustomize/secrets.go:42-50, 441-445), so PSK auth is enforced by default and the unauthenticated vector is blocked. Standalone Clair deployments without PSK configuration are fully exposed.
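The two mitigations implied by the description above are an egress check on manifest-supplied layer URIs (scheme allowlist plus denial of loopback, private, link-local and metadata address ranges, applied to every address the hostname resolves to) and an error path that surfaces only the upstream status code rather than reflecting body bytes, headers or redirect targets. The following Go is an added illustration of both and is not Clair's code; the names `ValidateLayerURI`, `Resolver`, `isBlocked` and `StatusError` are assumed, and the resolver is injectable so the check can be exercised offline with a constructed DNS table.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// Resolver abstracts DNS lookup so callers (and tests) can inject a table
// instead of performing live resolution. Hypothetical type for this example.
type Resolver func(host string) ([]net.IP, error)

// blockedNets lists ranges an indexer should never fetch layers from:
// loopback, RFC 1918 space, carrier-grade NAT, link-local (which includes
// the 169.254.169.254 cloud metadata address) and the IPv6 equivalents.
var blockedNets = mustParseCIDRs(
	"0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
	"192.168.0.0/16", "169.254.0.0/16", "100.64.0.0/10",
	"::/128", "::1/128", "fc00::/7", "fe80::/10",
)

func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	out := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err) // constants above are well-formed; a typo should fail fast
		}
		out = append(out, n)
	}
	return out
}

// isBlocked reports whether ip falls in any denied range. The net.IP
// predicates handle IPv4-mapped IPv6 forms such as ::ffff:169.254.169.254.
func isBlocked(ip net.IP) bool {
	if ip.IsUnspecified() || ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsPrivate() {
		return true
	}
	for _, n := range blockedNets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ValidateLayerURI decides whether a manifest-supplied layer URI may be
// fetched: https only, no userinfo, a hostname that must be present, and
// every resolved address outside the denied ranges. The resolved IPs are
// returned so the caller can dial them directly instead of re-resolving,
// which closes the window for a changed DNS answer between check and use.
func ValidateLayerURI(raw string, resolve Resolver) ([]net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("layer uri: %w", err)
	}
	if u.Scheme != "https" {
		return nil, fmt.Errorf("layer uri: scheme %q not allowed", u.Scheme)
	}
	if u.User != nil {
		return nil, errors.New("layer uri: userinfo not allowed")
	}
	host := u.Hostname()
	if host == "" {
		return nil, errors.New("layer uri: missing host")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address: no lookup needed
	} else {
		ips, err = resolve(host)
		if err != nil {
			return nil, fmt.Errorf("layer uri: resolve %q: %w", host, err)
		}
		if len(ips) == 0 {
			return nil, fmt.Errorf("layer uri: %q resolved to no addresses", host)
		}
	}
	for _, ip := range ips {
		if isBlocked(ip) {
			return nil, fmt.Errorf("layer uri: host %q resolves to denied address %s", host, ip)
		}
	}
	return ips, nil
}

// StatusError is the only error a fetcher should surface for a non-2xx
// upstream reply: the status code, never body bytes, Content-Type or the
// post-redirect URL, so nothing from an internal service reaches the API caller.
func StatusError(status int) error {
	return fmt.Errorf("layer fetch failed: upstream returned HTTP %d", status)
}

func main() {
	// Live resolution for the stand-alone run; tests inject a table instead.
	_, err := ValidateLayerURI("https://169.254.169.254/", net.LookupIP)
	fmt.Println("metadata address rejected:", err != nil)
}
```

Denying the address after resolution, rather than only matching the literal host string, is what stops a hostname that resolves to a denied range from slipping through; returning the checked addresses for the dial is the companion step. A 404 from an internal service should reach the client as nothing more than the status code.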