← voltar
CVE-2025-14243

Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

CVSS 5.3 MEDIUMEPSS 0.3%CWE-209
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
Red Hat · mirror registry for Red Hat OpenShiftRed Hat · mirror registry for Red Hat OpenShift 2

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/security/cve/CVE-2025-14243https://bugzilla.redhat.com/show_bug.cgi?id=2419829