ECR Public vulnerability in undocumented API

Published Tue, Dec 13th, 2022


A vulnerability in Elastic Container Registry (ECR) Public could have allowed a malicious actor to delete, update, or create ECR Public images, layers, or tags in registries and repositories belonging to any other AWS account, by abusing undocumented API calls. A malicious actor could have exploited this to delete any or all images in the Amazon ECR Public Gallery or update the content of any existing image to inject malicious code on any machine that would pull and run it.

Affected Services

ECR Public


None required

Tracked CVEs

No tracked CVEs


Disclosure Date
Tue, Nov 15th, 2022
Exploitability Period
Known ITW Exploitation
Detection Methods
Piercing Index Rating
Discovered by
Gafnit Amiga, Lightspin