Tag
A malicious actor or misconfigured legitimate user can modify an Amazon ECR repository or registry policy to grant public access using a wildcard principal (`Principal:"*"`), which can lead to the exfiltration of proprietary container images and embedded secrets, or facilitate supply-chain implantation if push permissions are also granted.