Source |
Vuln AWS |
Identifiant |
8296116 |
Date de publication |
2022-12-13 13:59:27 (vue: 2022-12-30 21:12:45) |
Titre |
Reported ECR Public Gallery Issue |
Texte |
Initial Publication Date: 12/13/2022 9:00AM EST
On November 14, 2022, a security researcher reported an issue in Amazon Elastic Container Registry (ECR) Public Gallery, a public website for finding and sharing public container images. The researcher identified an ECR API action that, if called, could have enabled modification or removal of images available on ECR Public Gallery.
As of November 15, 2022, the identified issue was remediated. We have conducted exhaustive analysis of all logs, we are confident our review was conclusive, and that the only activity associated with this issue was between accounts owned by the researcher. No other customers' accounts were affected, and no customer action is required.
We would like to thank Lightspin for reporting this issue.
Security-related questions or concerns can be brought to our attention via aws-security@amazon.com. |
Envoyé |
Oui |
Condensat |
12/13/2022 2022 9:00am accounts action activity affected all amazon analysis and api are associated attention available aws between brought called can com concerns conclusive conducted confident container could customer customers date: ecr elastic enabled exhaustive finding for gallery have identified images initial issue lightspin like logs modification november only other our owned public publication questions registry related remediated removal reported reporting required researcher review security security@amazon sharing thank that the this via was website were with would |
Tags |
|
Stories |
|
Notes |
★★
|
Move |
|