AWS fixes vulnerability affecting container image repository

Amazon Web Services (AWS) has fixed a new vulnerability affecting a website for finding and sharing public container images – foundational files containing code that runs on IT infrastructure. 

The website, Elastic Container Register Public, is a popular gallery where companies, like NGINX, Ubuntu, Amazon Linux, and HashiCorp Consul, publish container images for public consumption and usage.

Gafnit Amiga, director of security research at Lightspin, discovered a vulnerability on the site that allows attackers to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong to other AWS accounts.

“A malicious actor could poison popular images, all while abusing the trust model of ECR Public as these images would masquerade as being verified and thus undermine the ECR Public supply chain,” she said. 

“This vulnerability could potentially lead to denials of service, data exfiltration, lateral movement, privilege escalation, data destruction, and other multivariate attack paths that are only limited by the craftiness and goals of the adversary.”

Amiga published a blog post explaining how she was able to access the ECR Public service and activate undocumented internal actions that allowed her to delete, update and create ECR Public images.

They reported the vulnerability to the AWS Security Outreach Team, which immediately responded and worked with the ECR team to fix the vulnerability in less than 24 hours.

In a statement to The Record, AWS said they were notified of the issue on November 14, explaining that Amiga “identified an ECR API action that, if called, could have enabled modification or removal of images available on ECR Public Gallery.”

“We have conducted exhaustive analysis of all logs. We are confident our review was conclusive, and that the only activity associated with this issue was between accounts owned by the researcher,” AWS said. 

“No other customers’ accounts were affected, and no customer action is required. We would like to thank Lightspin for reporting this issue.”

Amiga noted in her blog that a malicious actor could have deleted all images in the Amazon ECR Public Gallery or updated the image contents to inject malicious code. The malicious code could then have been executed on any machine that pulls and runs the image, whether on a user’s local machines, Kubernetes clusters or cloud environments. 

The vulnerability could also be used to “poison” popular images, such as from CloudWatch agent, Datadog agent, EKS Distro, Amazon Linux and NGINX, Amiga said. 

The top six most popular (by downloads) images on the ECR Public Gallery combine for around 13 billion downloads and there are several thousands more images stored on ECR Public, she noted.

Amiga explained that the issue was a classic example of a deep software supply chain attack akin to what happened with SolarWinds, where an attacker could take actions that made them appear as verified Registries belonging to Amazon, Canonical, and other popular companies.

“It is difficult to guess exactly what would happen, but nearly any goal ranging from destruction and exfiltration to persistence and lateral movement can be executed from within a containerized environment,” she said. 

“Supply chain attacks are an insidious and hard-to-detect and prevent attack vector. Given the wide breadth and depth of a software supply chain, this makes it exceptionally hard to cover all ground.”