Amazon ECR Public Gallery flaw could have wiped or poisoned any image

A severe security flaw in the Amazon ECR Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.

Amazon ECR Public Gallery is a public repository of container images used for sharing ready-to-use applications and popular Linux distributions, such as Nginx, EKS Distro, Amazon Linux, CloudWatch agent, and Datadog agent.

A Lightspin security analyst discovered a new flaw in the ECR Public Gallery where it’s possible to modify existing public images, layers, tags, registries, and repositories of other users by abusing undocumented API actions.

Characteristically, the top six most downloaded container images in ECR Public Gallery have had over 13 billion downloads, so any malicious injection in them could have resulted in “Out-of-control” infections.

On November 14, 2022, a security researcher reported an issue in Amazon Elastic Container Registry Public Gallery, a public website for finding and sharing public container images.

The researcher identified an ECR API action that, if called, could have enabled modification or removal of images available on ECR Public Gallery.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

This field is for validation purposes and should be left unchanged.
Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

This site is registered on wpml.org as a development site.