← volver
CVE-2025-14243

Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

CVSS 5.3 MEDIUMEPSS 0.3%CWE-209
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
Red Hat · mirror registry for Red Hat OpenShiftRed Hat · mirror registry for Red Hat OpenShift 2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/security/cve/CVE-2025-14243https://bugzilla.redhat.com/show_bug.cgi?id=2419829