Updated on 2022-12-13
A severe vulnerability in Amazon ECR Public Gallery could enable attackers to delete any container image or insert malicious code into the images of other accounts. Read more: Amazon ECR Public Gallery flaw could have wiped or poisoned any image
Overview: AWS ECR vulnerability
Cybersecurity firm Ligthspin has discovered a vulnerability in the AWS Elastic Container Register Public (ECR Public) that allows an attacker to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong to other AWS accounts. The Amazon ECR Public Gallery is a public portal that lists all public repositories hosted on the Amazon ECR Public service. Amazon has rolled out patches during the December Patch Tuesday. Read more: