This repository was archived by the owner on Sep 10, 2025. It is now read-only.
This repository was archived by the owner on Sep 10, 2025. It is now read-only.
ECR Resource Policy Misconfiguration #308
Description
Description
https://github.com/aws-samples/private-llm-qa-bot/blob/v1.3.7/code/main/ecr-policy.json is misconfigured with unreasonable across account access.
Impact
The misconfiguration allowed potential unauthorized access to ECR repositories from external AWS accounts,The affected container images did not contain sensitive data, only the public source code of Lambda functions. If others reuse this misconfigured policy and their ECR contains sensitive information, it could potentially lead to security vulnerabilities.