Press "Enter" to skip to content

Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability

Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability

Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability

Cloud security company Light spin has discovered a serious security flaw in Amazon Elastic Container Registry’s (ECR) Public Gallery that could have been used to launch a variety of attacks.

“By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code,” Gafnit Amiga, director of security research at Lightspin, said in a report shared with The Hacker News.

ALSO, READ Researchers Disclose Details of Critical ‘CosMiss’ RCE Flaw Affecting Azure Cosmos DB

“This malicious code is executed on any machine that pulls and runs the image, whether on user’s local machines, Kubernetes clusters or cloud environments.”

CyberSecurity

ECR is a container image registry service managed by Amazon Web Services, enabling users to package code as Docker images and deploy the artifacts in a scalable manner. Public repositories hosted on ECR are displayed in what’s called the ECR Public Gallery.

“By default, your account has read and write access to the repositories in your public registry,” Amazon notes in its documentation. “However, IAM users require permissions to make calls to the Amazon ECR APIs and to push images to your repositories.”

ALSO, READ These Android Apps With A Million Play Store Installations Redirect Users To Malicious Sites

Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability

However, the problem discovered by Light spin meant that it could be used as a weapon by outside parties to delete, update, and produce poisoned versions of legitimate images in registries and repositories that are part of other AWS accounts by making use of undocumented internal ECR Public APIs.

Amazon ECR Public Gallery Vulnerability
Amazon ECR Public Gallery Vulnerability

This is achieved by acquiring temporary credentials using Amazon Cognito to authorize requests to the internal APIs and activate the action to delete images using “DeleteImageForConvergentReplicationInternal,” or alternatively push a new image via the “PutImageForConvergentReplicationInternal” action.

Lightspin characterized the flaw as an instance of “deep software supply chain attack.”

Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability

Amazon has since deployed a fix to resolve the weakness as of November 16, 2022, less than 24 hours after it was reported, indicative of the severity of the problem. No customer action is required.

ALSO, READ Cybersecurity Threat: A Growing Issue In Nigeria – NCC Research

“This vulnerability could potentially lead to denial-of-service, data exfiltration, lateral movement, privilege escalation, data destruction, and other multivariate attack paths that are only limited by the craftiness and goals of the adversary,” Amiga noted.

“A malicious actor could poison popular images, all while abusing the trust model of ECR Public as these images would masquerade as being verified and thus undermine the ECR Public supply chain.”

 

CYBERINFORMER.NET –  brings updates on the latest cyber security tips, online safety tips and cyber information, cyber security courses for Nigerians and Foreigners, Cyber security jobs for seekers and much more

If You find This article helpful please comment, subscribe and share

Be First to Comment

Leave a Reply

Mission News Theme by Compete Themes.
%d bloggers like this: