Initial Publication Date: 12/13/2022 9:00AM EST

On November 14, 2022, a security researcher reported an issue in Amazon Elastic Container Registry (ECR) Public Gallery, a public website for finding and sharing public container images. The researcher identified an ECR API action that, if called, could have enabled modification or removal of images available on ECR Public Gallery.

As of November 15, 2022, the identified issue was remediated. We have conducted exhaustive analysis of all logs, we are confident our review was conclusive, and that the only activity associated with this issue was between accounts owned by the researcher. No other customers’ accounts were affected, and no customer action is required.

We would like to thank Lightspin for reporting this issue.

Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.