{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-28T00:00:00Z",
  "bugzilla" : {
    "description" : "openshift-controller-manager: OpenShift Container Platform: Information disclosure via environment variable injection",
    "id" : "2463451",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2463451"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-426",
  "details" : [ "A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This results from an incomplete fix for a previous vulnerability and allows information disclosure, specifically affecting the confidentiality of build traffic." ],
  "statement" : "This vulnerability relies on the proxy environment variable whitelist in the BuildConfig API, but practical exploitability is limited because users with the required permission (the `edit` role) already have direct read access to secrets. The \"minimal role\" scenario is potentially unsupported. The strategic fix is migration to Builds for OpenShift.",
  "acknowledgement" : "Red Hat would like to thank Rohit Sanjay Khandke for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "openshift4/ose-openshift-controller-manager-rhel9",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-7309", "https://nvd.nist.gov/vuln/detail/CVE-2026-7309" ],
  "name" : "CVE-2026-7309",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}
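Because the fix state above is "Fix deferred" and no mitigation is offered, the practical response is to audit which Build objects already carry loader or proxy environment variables that an `edit`-role user could have supplied through `buildconfigs/instantiate`. The script below is an added example written for this page; it is not Red Hat's or the OpenShift project's code. It assumes the input is the JSON exported by `oc get builds -A -o json`, and that env entries passed at instantiation end up under `spec.strategy.<kind>Strategy.env` on the resulting Build object. `LD_PRELOAD` and `http_proxy` are the names given in the advisory; the other loader and proxy variable names, the sample Build objects and the `proxy.corp.example` allow-list entry are assumptions constructed for illustration.

```python
"""Audit exported OpenShift Build objects for loader/proxy env vars.

Added example for CVE-2026-7309; not project code. Input shape assumed to be
the `kind: List` document from `oc get builds -A -o json`.
"""
import json
import sys

# Loader variables change which shared objects the build container loads.
# LD_PRELOAD is named in the advisory; LD_LIBRARY_PATH/LD_AUDIT are added here
# as assumptions about variables with the same effect.
LOADER_VARS = {"LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT"}
# Proxy variables redirect the build's outbound traffic. http_proxy is named in
# the advisory; the other spellings are assumptions.
PROXY_VARS = {"http_proxy", "https_proxy", "HTTP_PROXY", "HTTPS_PROXY"}


def strategy_env(build):
    """Yield (strategy_key, env_entry) for every env var on the build strategy.

    Assumption: env supplied to buildconfigs/instantiate is merged into
    spec.strategy.<kind>Strategy.env on the Build object.
    """
    strategy = build.get("spec", {}).get("strategy", {}) or {}
    for key in ("dockerStrategy", "sourceStrategy", "customStrategy"):
        for env in (strategy.get(key) or {}).get("env") or []:
            yield key, env


def audit_build(build, allowed_proxies=frozenset()):
    """Return findings as (namespace/name, strategy_key, var, kind, value).

    Proxy vars whose value is in allowed_proxies (e.g. the cluster-wide proxy)
    are not reported; loader vars are always reported.
    """
    meta = build.get("metadata", {})
    ident = f'{meta.get("namespace", "?")}/{meta.get("name", "?")}'
    findings = []
    for key, env in strategy_env(build):
        var = env.get("name", "")
        # valueFrom (e.g. secretKeyRef) carries no literal; report it as such.
        value = env.get("value", "<valueFrom>")
        if var in LOADER_VARS:
            findings.append((ident, key, var, "loader", value))
        elif var in PROXY_VARS and value not in allowed_proxies:
            findings.append((ident, key, var, "proxy", value))
    return findings


def audit_build_list(doc, allowed_proxies=frozenset()):
    """Audit every item of a kind: List document."""
    return [f for item in doc.get("items", [])
            for f in audit_build(item, allowed_proxies)]


# Constructed sample export; not data from a real cluster.
SAMPLE = json.loads(r'''
{
  "apiVersion": "v1", "kind": "List",
  "items": [
    {"metadata": {"namespace": "team-a", "name": "app-1"},
     "spec": {"strategy": {"type": "Docker", "dockerStrategy": {"env": [
       {"name": "LD_PRELOAD", "value": "/tmp/x.so"},
       {"name": "APP_VERSION", "value": "1.2"}]}}}},
    {"metadata": {"namespace": "team-a", "name": "app-2"},
     "spec": {"strategy": {"type": "Source", "sourceStrategy": {"env": [
       {"name": "http_proxy", "value": "http://10.0.0.5:3128"}]}}}},
    {"metadata": {"namespace": "team-b", "name": "app-3"},
     "spec": {"strategy": {"type": "Docker", "dockerStrategy": {}}}},
    {"metadata": {"namespace": "team-b", "name": "app-4"},
     "spec": {"strategy": {"type": "Docker", "dockerStrategy": {"env": [
       {"name": "https_proxy", "value": "http://proxy.corp.example:3128"}]}}}}
  ]
}
''')
# Assumed cluster-wide proxy; values matching it are expected, not findings.
CLUSTER_PROXY = frozenset({"http://proxy.corp.example:3128"})

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for ident, key, var, kind, value in audit_build_list(doc, CLUSTER_PROXY):
        print(f"{ident}\t{key}\t{var}={value}\t[{kind}]")
```

Run it against a saved export (`oc get builds -A -o json > builds.json; python audit.py builds.json`). A loader finding is always worth a look, since no legitimate build needs `LD_PRELOAD` set from the API; a proxy finding matters only when the value is not the proxy the cluster is already configured to use, which is why the allow list exists. Note the advisory's own caveat: the same `edit` role can already read secrets in the namespace, so these findings show where build traffic could have been redirected, not a privilege boundary crossing.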