SYM_CONF_0270 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Incorrect Permission Assignment for Critical Resource

| Property | Value |
| --- | --- |
| Language | hcl |
| Severity | medium |
| CWE | CWE-732: Incorrect Permission Assignment for Critical Resource |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |

Description

The ECR repository policy grants access to all principals by using a wildcard ('*') as the principal. This makes the repository publicly accessible, exposing its images to anyone on the internet.
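The policy body below is an added example, not part of the SymbioticSec database entry or of any project's Terraform: it shows the policy document an `aws_ecr_repository_policy` resource would carry in its `policy` argument, first with the wildcard principal this finding describes and then with a single named role, together with a small checker that flags `Allow` statements whose principal is `*` (or `{"AWS": "*"}`) and that carry no `Condition`. The role ARN, account id and statement ids are constructed sample values.

```python
import json

# Constructed sample: the vulnerable policy, as it would appear inside the
# jsonencode()/heredoc of an aws_ecr_repository_policy resource.
VULNERABLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowEveryone",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:PutImage"],
    }],
})

# Constructed sample: the hardened policy, scoped to one named role
# (arn and account id are placeholders).
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowNamedRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/ci-pull-role"},
        "Action": ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"],
    }],
})


def _principal_is_wildcard(principal):
    """True for the bare "*" form and for {"AWS": "*"} / {"AWS": ["*", ...]} forms."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        for value in principal.values():
            values = value if isinstance(value, list) else [value]
            if "*" in values:
                return True
    return False


def find_public_statements(policy_json):
    """Return the Sids (or positional labels) of Allow statements that grant
    access to a wildcard principal without any Condition block.

    A wildcard principal that is narrowed by a Condition (for example on
    aws:PrincipalOrgID) is deliberately not reported here; such statements
    still deserve manual review, but they are not unrestricted public access.
    """
    doc = json.loads(policy_json)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without the list
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_wildcard(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings


if __name__ == "__main__":
    print("vulnerable:", find_public_statements(VULNERABLE_POLICY))  # ['AllowEveryone']
    print("hardened:  ", find_public_statements(HARDENED_POLICY))    # []
```

The checker operates on the rendered policy JSON rather than on HCL, so the same function can be pointed at the output of `terraform show -json` or at a policy fetched from a live registry; Terraform wraps the document in a string, which is why the samples are `json.dumps` strings rather than dicts.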

Impact

If exploited, unauthorized users could pull, push, or delete container images in your repository. This could lead to data leaks, service disruptions, or compromise of your application's supply chain.