Platform: kubernetes
Component: mirror-registry
Fixed in: 1.10.0, 2.5.4
CVE-2025-14243 is a security vulnerability affecting the OpenShift Mirror Registry. This flaw enables an unauthenticated, remote attacker to discover valid usernames and email addresses by observing error messages generated during authentication attempts and account creation processes. The vulnerability impacts versions 1.0.0 through 2.5.3 of the OpenShift Mirror Registry, and a patch is available in version 2.5.4.
The primary impact of CVE-2025-14243 is information disclosure. While it doesn't allow direct access to user accounts or systems, the ability to enumerate usernames and email addresses provides attackers with valuable reconnaissance data. This information can be used to craft highly targeted phishing campaigns, social engineering attacks, or to identify potential targets for brute-force password attacks. The enumeration of email addresses also increases the risk of spam and other unwanted communications directed at users within the organization. The lack of authentication required for exploitation significantly broadens the attack surface, making it easier for malicious actors to probe the registry for vulnerable configurations.
CVE-2025-14243 was published on 2026-04-08. The vulnerability's severity is pending further evaluation. No public exploits or active campaigns targeting this vulnerability have been reported at the time of publication. It is not currently listed on KEV or EPSS, suggesting a low probability of immediate exploitation, but continued monitoring is recommended.
Exploit status
EPSS: 0.07% (21st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-14243 is to upgrade OpenShift Mirror Registry to version 2.5.4 or later. If an immediate upgrade is not possible, consider implementing stricter rate limiting on authentication endpoints to slow down enumeration attempts. Web Application Firewalls (WAFs) can be configured to detect and block suspicious patterns in authentication requests. Monitor authentication logs for unusual activity, such as a high volume of failed login attempts from a single source. After upgrading, confirm the vulnerability is resolved by attempting to trigger the enumeration behavior and verifying that no usernames or email addresses are disclosed.
Upgrade to version 2.5.4 or later of the OpenShift Mirror Registry to mitigate the user enumeration vulnerability. This update fixes the problem by correctly validating user input and preventing the disclosure of sensitive information through error messages. Consult the official Red Hat documentation for detailed upgrade instructions.
The OpenShift Mirror Registry is a local copy of a container registry (such as Docker Hub) used to improve container image download speeds and ensure availability in case of issues with the original registry.
Version 2.5.4 contains the necessary fixes to prevent user and email enumeration, mitigating the CVE-2025-14243 vulnerability.
You can restrict access to the mirror registry and review the logging configuration to minimize information exposed in error messages.
Regularly review the mirror registry logs for unusual authentication attempts or account creation-related errors.
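The log monitoring suggested in the mitigation paragraph and in the point above can be made concrete. The following Python is an added example, not part of this advisory or of Red Hat's tooling; it separates the enumeration pattern this CVE enables (many different usernames or email addresses probed from one source, across both login and account-creation failures) from ordinary password guessing (one identity, many failures). The key=value log format, the event names, the sample lines and the thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed lines in a hypothetical key=value format; adapt LINE_RE to real logs.
SAMPLE_LOG = """\
2026-04-08T10:00:01Z src=203.0.113.5 event=login_failed user=alice
2026-04-08T10:00:02Z src=203.0.113.5 event=login_failed user=bob
2026-04-08T10:00:03Z src=203.0.113.5 event=signup_failed user=carol@example.org
2026-04-08T10:00:04Z src=203.0.113.5 event=signup_failed user=dave@example.org
2026-04-08T10:00:10Z src=198.51.100.7 event=login_failed user=alice
2026-04-08T10:00:11Z src=198.51.100.7 event=login_failed user=alice
2026-04-08T10:00:12Z src=198.51.100.7 event=login_failed user=alice
2026-04-08T10:00:13Z src=198.51.100.7 event=login_failed user=alice
2026-04-08T10:05:00Z src=192.0.2.9 event=login_failed user=grace
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) event=(?P<event>\S+) user=(?P<user>\S+)$")
FAILURE_EVENTS = {"login_failed", "signup_failed"}

def parse(log_text):
    """Yield (timestamp, source, event, user) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines in another format are skipped
            yield (datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                   m["src"], m["event"], m["user"])

def classify_sources(log_text, window=timedelta(minutes=5),
                     min_failures=4, min_distinct=3):
    """Map source -> 'enumeration' or 'brute_force' for sources with at least
    min_failures failed login/signup events inside one sliding window. Many
    distinct identities is the enumeration pattern; one identity is guessing."""
    failures = defaultdict(list)  # source -> [(timestamp, user)]
    for ts, src, event, user in parse(log_text):
        if event in FAILURE_EVENTS:
            failures[src].append((ts, user))
    verdicts = {}
    for src, attempts in failures.items():
        attempts.sort()
        start, best = 0, None  # window start; max distinct identities seen
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # drop attempts that fell out of the window
            in_window = attempts[start:end + 1]
            if len(in_window) >= min_failures:
                distinct = len({u for _, u in in_window})
                best = distinct if best is None else max(best, distinct)
        if best is not None:
            verdicts[src] = "enumeration" if best >= min_distinct else "brute_force"
    return verdicts
```

Sources that only trip the threshold with one identity are reported as brute force so that they can be handled by the rate limiting described above; the single failure from the third source stays below the threshold and is not reported.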
Red Hat provides tools and guidance for vulnerability assessment. Refer to the official Red Hat OpenShift documentation for more information.