CVE-2025-14243

medium

Description

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2419829

https://access.redhat.com/security/cve/CVE-2025-14243

Details

Source: Mitre, NVD

Published: 2026-04-08

Updated: 2026-04-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N