Amazon ECR Public Gallery flaw could have wiped or poisoned any image


Attackers may have been able to delete any container image or introduce malicious code into the images of other AWS accounts because to a serious security issue in the Amazon ECR (Elastic Container Registry) Public Gallery. On November 15, 2022, the researcher notified AWS Security of the issue; within 24 hours, Amazon had released a remedy.

A public repository of container images called Amazon ECR Public Gallery is used to share ready-to-use software and well-known Linux distributions including Nginx, EKS Distro, Amazon Linux, CloudWatch agent, and Datadog agent.

Read More…