Security Vulnerabilities Identified in prometheus-operator:v0.85.0

### What happened?

Image: prometheus-operator:v0.85.0
Description: Our security scans have identified vulnerabilities in the Busybox packages included in the prometheus-operator container. Details are as follows:

`<label for="82808-expand2-tab2" class="data-item flex1" style="box-sizing: border-box; margin: 0px; padding: 7px 10px; flex: 1 1 0%; color: rgb(8, 177, 213); cursor: pointer; border-top: none; border-right: 1px solid rgb(31, 159, 186); border-bottom: none; border-left: none; border-image: initial; position: relative; text-overflow: ellipsis; overflow: hidden; font-family: &quot;Lucida Grande&quot;, &quot;Lucida Sans&quot;, Arial, sans-serif; font-size: medium; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">▼ busybox</label><span class="flex1 data-item" style="box-sizing: border-box; margin: 0px; padding: 7px 10px; flex: 1 1 0%; border-top: none; border-right: 1px solid rgb(31, 159, 186); border-bottom: none; border-left: none; border-image: initial; position: relative; text-overflow: ellipsis; overflow: hidden; color: rgb(70, 69, 71); font-family: &quot;Lucida Grande&quot;, &quot;Lucida Sans&quot;, Arial, sans-serif; font-size: medium; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">/bin/[<span class="flex1 data-item" style="box-sizing: border-box; margin: 0px; padding: 7px 10px; flex: 1 1 0%; border-top: none; border-right: 1px solid rgb(31, 159, 186); border-bottom: none; border-left: none; border-image: initial; position: relative; text-overflow: ellipsis; overflow: hidden; color: rgb(70, 69, 71); font-family: &quot;Lucida Grande&quot;, &quot;Lucida Sans&quot;, Arial, sans-serif; font-size: medium; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">EXECUTABLE<span class="flex1 data-item" style="box-sizing: border-box; margin: 0px; padding: 7px 10px; flex: 1 1 0%; border-top: none; border-right: 1px solid rgb(31, 159, 186); border-bottom: none; border-left: none; border-image: initial; position: relative; text-overflow: ellipsis; overflow: hidden; color: rgb(70, 69, 71); font-family: &quot;Lucida Grande&quot;, &quot;Lucida Sans&quot;, Arial, sans-serif; font-size: medium; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">1.36.1<span class="flex1 data-item" style="box-sizing: border-box; margin: 0px; padding: 7px 10px; flex: 1 1 0%; border-top: none; border-right: 1px solid rgb(31, 159, 186); border-bottom: none; border-left: none; border-image: initial; position: relative; text-overflow: ellipsis; overflow: hidden; color: rgb(70, 69, 71); font-family: &quot;Lucida Grande&quot;, &quot;Lucida Sans&quot;, Arial, sans-serif; font-size: medium; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"><span class="flex1 data-item" style="box-sizing: border-box; margin: 0px; padding: 7px 10px; flex: 1 1 0%; border-top: none; border-right: 1px solid rgb(31, 159, 186); border-bottom: none; border-left: none; border-image: initial; position: relative; text-overflow: ellipsis; overflow: hidden; color: rgb(70, 69, 71); font-family: &quot;Lucida Grande&quot;, &quot;Lucida Sans&quot;, Arial, sans-serif; font-size: medium; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"><span class="flex1 data-item" style="box-sizing: border-box; margin: 0px; padding: 7px 10px; flex: 1 1 0%; border-top: none; border-right: 1px solid rgb(31, 159, 186); border-bottom: none; border-left: none; border-image: initial; position: relative; text-overflow: ellipsis; overflow: hidden; color: rgb(70, 69, 71); font-family: &quot;Lucida Grande&quot;, &quot;Lucida Sans&quot;, Arial, sans-serif; font-size: medium; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"><div class="more-info px10" style="box-sizing: border-box; margin: 0px; padding: 0px 10px; display: block; width: 1444.09px; border-top: 1px solid rgb(31, 159, 186); background: 0px 0px !important; color: rgb(70, 69, 71); font-family: &quot;Lucida Grande&quot;, &quot;Lucida Sans&quot;, Arial, sans-serif; font-size: medium; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">
Name | Custom Severity | Severity | Score | Fix Version | Acknowledged | Exploit Availability | Exploit Type | Exploit Reference
-- | -- | -- | -- | -- | -- | -- | -- | --
CVE-2023-42364 |   | medium | 5.5 | None |   |   |   |  
CVE-2023-42363 |   | medium | 5.5 | None |   |   |   |  
CVE-2023-42365 |   | medium | 5.5 | None |   |   |   |  
CVE-2023-42366 |   | medium | 5.5 | None |   |   |   |  
CVE-2025-46394 |   | low | 3.3 | None |   |   |   |  

</div>
Would it be possible to address these vulnerabilities in the next release of the image?

Please let us know if an update is planned or if there’s a recommended workaround in the meantime.

Thank you for your support!

### Prometheus Operator Version

```shell
v0.85.0
```

### Kubernetes Version

```yaml
Client Version: v1.32.0
Kustomize Version: v5.5.0
Server Version: v1.32.8-eks-e386d34
```

### Kubernetes Cluster Type

EKS

### How did you deploy Prometheus-Operator?

helm chart:prometheus-community/kube-prometheus-stack

### Manifests

```yaml

```

### prometheus-operator log output

```shell
NA
```

### Anything else?

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security Vulnerabilities Identified in prometheus-operator:v0.85.0 #8011

What happened?

Prometheus Operator Version

Kubernetes Version

Kubernetes Cluster Type

How did you deploy Prometheus-Operator?

Manifests

prometheus-operator log output

Anything else?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Name	Severity	Score	Fix Version
CVE-2023-42364	medium	5.5	None
CVE-2023-42363	medium	5.5	None
CVE-2023-42365	medium	5.5	None
CVE-2023-42366	medium	5.5	None
CVE-2025-46394	low	3.3	None

Security Vulnerabilities Identified in prometheus-operator:v0.85.0 #8011

Description

What happened?

Prometheus Operator Version

Kubernetes Version

Kubernetes Cluster Type

How did you deploy Prometheus-Operator?

Manifests

prometheus-operator log output

Anything else?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions