Amazon Elastic Container Registry (Amazon ECR) is an AWS managed container image registry service.
Images in the registry can be referenced with tags. When a repository has mutable tags, an attacker with access to the registry could upload a compromised image, and assign to it the tag of an image used in production, so that the compromised image would be used instead.
|Potential data exposure||Visible in logs||User interaction required||Privileges required|
Disable tag mutability on the registry.