critical

ECR Public vulnerability in undocumented API

Published Tue, Dec 13th, 2022

Platforms

Summary

A vulnerability in Elastic Container Registry (ECR) Public could have allowed a malicious actor to delete, update, or create ECR Public images, layers, or tags in registries and repositories belonging to any other AWS account, by abusing undocumented API calls. A malicious actor could have exploited this to delete any or all images in the Amazon ECR Public Gallery or update the content of any existing image to inject malicious code on any machine that would pull and run it.

Affected Services

ECR Public

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://blog.lightspin.io/aws-ecr-public-vulnerability https://aws.amazon.com/security/security-bulletins/AWS-2022-010/

Contributed by https://github.com/guycoldham

Entry Status

Finalized

Disclosure Date

Tue, Nov 15th, 2022

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

8.93

(PI:1.5/A1:20/A2:1/A7:1.1/A8:1.1)

Discovered by

Gafnit Amiga, Lightspin

More vulnerabilities...

critical

Hell's Keychain

IBM Cloud Databases for PostgreSQL was vulnerable to an attack sequence comprised of PostgreSQL privilege escalation via SQL Injection and chaining of three secrets scattered in the service environ...

Ronen Shustin, Shir Tamari,...

Thu, Dec 1st, 2022

high

AWS AppSync confused deputy via ServiceRoleArn

The AWS AppSync service could be coerced to assume arbitrary roles in other customers' accounts which trusted the AppSync service. This was due to insufficient validation of a serviceRoleArn parame...

Nick Frichette, Datadog

Mon, Nov 21st, 2022

medium

Azure Devops account takeover via dangling subdomain takeover

Binary Security discovered and registered two dangling cloudapp.azure.com subdomains corresponding to subdomains at visualstudio.com. Had these been discovered and registered by an attacker, this w...

Christian August Holm Hanse...

Mon, Nov 7th, 2022

View all