AWS ECR public image uploaded
Description
AlphaSOC detected an image upload to an AWS ECR public repository. Public ECR repositories make container images accessible to anyone. Uploading images to public repositories may indicate data exfiltration through container layers or unintentional exposure of proprietary code and configurations.
Impact
Container images may contain sensitive data, credentials, or proprietary application code. Uploading to public repositories exposes this information to anyone on the internet. Attackers may use public repositories to stage data for exfiltration or distribute malicious container images.
Severity
| Severity | Condition |
|---|---|
Low | AWS ECR public image uploaded |
Investigation and Remediation
Review the uploaded image contents for sensitive data or credentials. Verify the identity that performed the upload and confirm it was authorized. If the upload was unauthorized or contains sensitive data, delete the image immediately and investigate potential data exposure.
Known False Positives
- Legitimate open-source project distributions
- Public documentation or example images
- Intentionally shared base images