Security News > 2022 > December > Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability

A critical security flaw has been disclosed in Amazon Elastic Container Registry Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin.

"By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," Gafnit Amiga, director of security research at Lightspin, said in a report shared with The Hacker News.

ECR is a container image registry service managed by Amazon Web Services, enabling users to package code as Docker images and deploy the artifacts in a scalable manner.

Public repositories hosted on ECR are displayed in what's called the ECR Public Gallery.

The issue identified by Lightspin meant that it could be weaponized by external actors to delete, update, and create poisoned versions of legitimate images in registries and repositories that belong to other AWS accounts by taking advantage of undocumented internal ECR Public APIs.

"A malicious actor could poison popular images, all while abusing the trust model of ECR Public as these images would masquerade as being verified and thus undermine the ECR Public supply chain."

News URL

https://thehackernews.com/2022/12/serious-attacks-could-have-been-staged.html