Description

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation.

PUBLISHED Reserved 2025-12-08 | Published 2026-04-08 | Updated 2026-04-08 | Assigner redhat




MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

Generation of Error Message Containing Sensitive Information

Product status

Default status
affected

Default status
affected

Timeline

2025-12-08: Reported to Red Hat.
2026-04-08: Made public.

Credits

Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.

References

access.redhat.com/security/cve/CVE-2025-14243 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2419829 (RHBZ#2419829) issue-tracking

cve.org (CVE-2025-14243)

nvd.nist.gov (CVE-2025-14243)
