Skip to Content

AWS Elastic Container Register Public (ECR Public) vulnerability

Updated on 2022-12-13

A severe vulnerability in Amazon ECR Public Gallery could enable attackers to delete any container image or insert malicious code into the images of other accounts. Read more: Amazon ECR Public Gallery flaw could have wiped or poisoned any image

Overview: AWS ECR vulnerability

Cybersecurity firm Ligthspin has discovered a vulnerability in the AWS Elastic Container Register Public (ECR Public) that allows an attacker to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong to other AWS accounts. The Amazon ECR Public Gallery is a public portal that lists all public repositories hosted on the Amazon ECR Public service. Amazon has rolled out patches during the December Patch Tuesday. Read more:

    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on