Amazon ECR Public Gallery flaw could have wiped or poisoned any image
13-Dec-22
Attackers may have been able to delete any container image or introduce malicious code into the images of other AWS accounts because to a serious security issue in the Amazon ECR (Elastic Container Registry) Public Gallery. On November 15, 2022, the researcher notified AWS Security of the issue; within 24 hours, Amazon had released a remedy.
A public repository of container images called Amazon ECR Public Gallery is used to share ready-to-use software and well-known Linux distributions including Nginx, EKS Distro, Amazon Linux, CloudWatch agent, and Datadog agent.
