{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7309", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-04-28T12:24:35.368Z", "datePublished": "2026-04-28T12:33:55.925Z", "dateUpdated": "2026-04-28T13:32:18.056Z"}, "containers": {"cna": {"title": "Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix for a previous vulnerability allows for information disclosure, specifically impacting the confidentiality of build traffic."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-openshift-controller-manager-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-7309", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463451", "name": "RHBZ#2463451", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-28T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-426", "description": "Untrusted Search Path", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-426: Untrusted Search Path", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "timeline": [{"lang": "en", "time": "2026-03-03T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-28T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Rohit Sanjay Khandke for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-28T12:33:55.925Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T13:32:12.175488Z", "id": "CVE-2026-7309", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T13:32:18.056Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7309", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-28T13:32:12.175488Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T13:32:14.883Z"}}], "cna": {"title": "Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection", "credits": [{"lang": "en", "value": "Red Hat would like to thank Rohit Sanjay Khandke for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-openshift-controller-manager-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-03-03T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-28T00:00:00.000Z", "value": "Made public."}], "datePublic": "2026-04-28T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-7309", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463451", "name": "RHBZ#2463451", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix for a previous vulnerability allows for information disclosure, specifically impacting the confidentiality of build traffic."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "Untrusted Search Path"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-28T12:33:55.925Z"}, "x_redhatCweChain": "CWE-426: Untrusted Search Path"}}, "cveMetadata": {"cveId": "CVE-2026-7309", "state": "PUBLISHED", "dateUpdated": "2026-04-28T13:32:18.056Z", "dateReserved": "2026-04-28T12:24:35.368Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-04-28T12:33:55.925Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix for a previous vulnerability allows for information disclosure, specifically impacting the confidentiality of build traffic."}], "id": "CVE-2026-7309", "lastModified": "2026-04-28T20:23:20.703", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-28T13:19:24.847", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-7309"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463451"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T19:19:20.634529+00:00", "value": {"mitigation_remediation": ["Restrict or remove the ClusterRole 'edit' from users who do not require it, ensuring that only trusted users can instantiate build configurations.", "Review and sanitize environment variables in Docker build processes, blocking or filtering out sensitive variables such as LD_PRELOAD and http_proxy before they reach the build container.", "Monitor Red Hat security advisories for an official fix and upgrade the OpenShift Container Platform to a version that addresses the vulnerability as soon as it becomes available."], "summary": {"action": "Assess Impact", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected system is Red Hat OpenShift Container Platform 4. Specific product versions are not listed in the CNA data; therefore all current 4.x releases are potentially impacted unless a later patch version is released.", "description_and_impact": "A flaw in the OpenShift Container Platform build system allows a user with the edit ClusterRole to inject arbitrary environment variables, such as LD_PRELOAD or http_proxy, into docker-build containers through the buildconfigs/instantiate API. This capability enables the attacker to influence the build environment and potentially expose sensitive build traffic, directly compromising the confidentiality of data processed during builds. The vulnerability is a result of incomplete remediation for a prior issue and is classified under CWE\u2011426.", "risk_and_exploitability": "With a CVSS score of 4.3, the vulnerability is deemed moderate in severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a user with edit role privileges within the cluster, implying that the threat is limited to insiders or compromised accounts rather than external attackers. The impact is primarily a loss of confidentiality for build traffic rather than denial of service or code execution."}}}}, "created": "2026-04-28T19:30:27.375258+00:00", "updated": "2026-04-28T19:30:27.375269+00:00", "vendors": []}