A severe security flaw in the Amazon ECR Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.
Amazon ECR Public Gallery is a public repository of container images used for sharing ready-to-use applications and popular Linux distributions, such as Nginx, EKS Distro, Amazon Linux, CloudWatch agent, and Datadog agent.
A Lightspin security analyst discovered a new flaw in the ECR Public Gallery where it’s possible to modify existing public images, layers, tags, registries, and repositories of other users by abusing undocumented API actions.
Characteristically, the top six most downloaded container images in ECR Public Gallery have had over 13 billion downloads, so any malicious injection in them could have resulted in “Out-of-control” infections.
On November 14, 2022, a security researcher reported an issue in Amazon Elastic Container Registry Public Gallery, a public website for finding and sharing public container images.
The researcher identified an ECR API action that, if called, could have enabled modification or removal of images available on ECR Public Gallery.