Incorrect Permission Assignment for Critical Resource
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-732: Incorrect Permission Assignment for Critical Resource |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The ECR repository policy grants access to all principals by using a wildcard ('*') as the principal. This makes the repository publicly accessible, exposing its images to anyone on the internet.
Impact
If exploited, unauthorized users could pull, push, or delete container images in your repository. This could lead to data leaks, service disruptions, or compromise of your application supply chain.
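The following is an added example, not part of this rule page and not code from the scanner or from AWS. It places the flagged pattern (a repository policy whose Allow statement names `"*"` as the principal) next to a corrected policy that scopes the same pull permissions to a single account, and implements a small check that reports which statements make a repository public. Both policy documents are constructed for this example, and the account ID `111122223333` is a placeholder.

```python
import json

# Constructed example of the flagged pattern: an Allow statement whose
# Principal is the wildcard "*", so anyone on the internet can pull images.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowPull",
        "Effect": "Allow",
        "Principal": "*",
        "Action": [
            "ecr:GetDownloadUrlForLayer",
            "ecr:BatchGetImage",
            "ecr:BatchCheckLayerAvailability",
        ],
    }],
})

# Constructed example of the corrected policy: the same pull permissions,
# but granted only to one account (111122223333 is a placeholder ID).
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowPull",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": [
            "ecr:GetDownloadUrlForLayer",
            "ecr:BatchGetImage",
            "ecr:BatchCheckLayerAvailability",
        ],
    }],
})


def _principal_is_wildcard(principal) -> bool:
    """True when the Principal element grants to everyone.

    Covers the three shapes a policy document may use: the bare string "*",
    the object {"AWS": "*"}, and {"AWS": [...]} where the list contains "*".
    """
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def find_public_statements(policy_json: str) -> list[str]:
    """Return the Sid (or a positional label) of every Allow statement that
    uses a wildcard principal. Deny statements are skipped: denying everyone
    does not expose the repository."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be un-listed
        statements = [statements]
    hits = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if _principal_is_wildcard(stmt.get("Principal")):
            hits.append(stmt.get("Sid", f"Statement[{index}]"))
    return hits


if __name__ == "__main__":
    print("public policy:", find_public_statements(PUBLIC_POLICY))  # ['AllowPull']
    print("scoped policy:", find_public_statements(SCOPED_POLICY))  # []
```

The check is deliberately strict: a statement with a wildcard principal is reported even when it also carries a `Condition` block, because whether a condition narrows the grant enough depends on the condition keys used, and that review belongs to a person. Running `aws ecr get-repository-policy --repository-name <name>` returns the policy text that this function expects as input.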