A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin.

“By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code,” Gafnit Amiga, director of security research at Lightspin, said in a report shared with The Hacker News.

“This malicious code is executed on any machine that pulls and runs the image, whether on user’s local machines, Kubernetes clusters or cloud environments.”

ECR is a container image registry service managed by Amazon Web Services, enabling users to package code as Docker images and deploy the artifacts in a scalable manner. Public repositories hosted on ECR are displayed in what’s called the ECR Public Gallery.

“By default, your account has read and write access to the repositories in your public registry,” Amazon notes in its documentation. “However, IAM users require permissions to make calls to the Amazon ECR APIs and to push images to your repositories.”

But the issue identified by Lightspin meant that it could be weaponized by external actors to delete, update, and create poisoned versions of legitimate images in registries and repositories that belong to other AWS accounts by taking advantage of undocumented internal ECR Public APIs.

This is achieved by acquiring temporary credentials using Amazon Cognito to authorize requests to the internal APIs and activate the action to delete images using “DeleteImageForConvergentReplicationInternal,” or alternatively push a new image via the “PutImageForConvergentReplicationInternal” action.

Lightspin characterized the flaw as an instance of “deep software supply chain attack.”

Amazon has since deployed a fix to resolve the weakness as of November 16, 2022, less than 24 hours after it was reported, indicative of the severity of the problem. No customer action is required.

“This vulnerability could potentially lead to denial-of-service, data exfiltration, lateral movement, privilege escalation, data destruction, and other multivariate attack paths that are only limited by the craftiness and goals of the adversary,” Amiga noted.

“A malicious actor could poison popular images, all while abusing the trust model of ECR Public as these images would masquerade as being verified and thus undermine the ECR Public supply chain.”