ECR repository policy must block public access
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | ecr |
| Provider | AWS |
| Vulnerability Type | misconfiguration |
Description
The ECR repository policy allows public access, which means anyone on the internet can read from or write to the repository. This configuration exposes sensitive container images and related artifacts to unauthorized users.
Impact
If exploited, attackers could download, modify, or replace container images, potentially leading to data leaks, deployment of malicious code, and compromise of applications that use these images. This can severely impact the security and integrity of the organization’s infrastructure.
Resolution
Do not allow public access in the repository policy.
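
One way to check a repository policy document for this misconfiguration, shown as an added example rather than the scanner's own code. Both policies, the account ID, the role name, and the function names are constructed for illustration.

```python
import json

# Constructed sample: wildcard principal, so the statement matches every caller.
WEAK_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowAnyonePull",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"]
  }]
}"""

# Constructed sample: same actions, scoped to one role (placeholder account ID and role name).
FIXED_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowCiPull",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/ci-puller"},
    "Action": ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"]
  }]
}"""

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    # "*" and {"AWS": "*"} (or a list containing "*") both match every caller.
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def public_statements(policy_text):
    """Return (sid, verdict) for each Allow statement with a wildcard principal."""
    findings = []
    statements = _as_list(json.loads(policy_text).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_wildcard(stmt.get("Principal")):
            continue
        # A Condition may or may not narrow the wildcard, so it needs a human look.
        verdict = "review-condition" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", f"statement[{index}]"), verdict))
    return findings

if __name__ == "__main__":
    print(public_statements(WEAK_POLICY))
    print(public_statements(FIXED_POLICY))
```
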