← back
CVE-2025-14243

Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

CVSS 5.3 MEDIUMEPSS 0.3%CWE-209
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Red Hat · mirror registry for Red Hat OpenShiftRed Hat · mirror registry for Red Hat OpenShift 2

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/security/cve/CVE-2025-14243https://bugzilla.redhat.com/show_bug.cgi?id=2419829