- Some registries also granted anonymous users access to the entire registry. That lets an attacker enumerate images and artifacts to plan and execute attacks against production and development systems, or inject malicious code into them.
- Shadow IT and careless configuration are common causes of registry exposure. Organizations should check immediately whether any of their registries are unintentionally reachable from the internet and restrict access to them.
- Place registries behind network controls such as a VPN or firewall rather than exposing them directly to the internet.
- Enforce strong authentication and authorization: strong passwords, two-factor authentication, SSO, and changing every default password before the registry goes live.
- Rotate keys, credentials, and secrets on a regular schedule so that a leaked credential has a bounded lifetime.
- Apply least privilege and scoping: give each role only the access it needs, pay particular attention to what anonymous users may do (if anything), and restrict access to specific repositories and artifacts where possible.
- Regularly scan images and artifacts for sensitive data and vulnerabilities, and promptly remediate whatever is found.
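The check in the second bullet can be automated. The script below is an added example, not code from the original page or from any vendor's tooling: it probes a registry over the Docker Registry HTTP API v2 with no credentials and reports whether anonymous users can enumerate repositories. It uses the documented endpoints GET /v2/ (a registry that requires authentication answers 401 with a WWW-Authenticate challenge) and GET /v2/_catalog (a repository listing). The sample responses and hostnames embedded in it are constructed placeholders, not captures from a real registry.

```python
"""Check a container registry for anonymous access (Docker Registry HTTP API v2).

Added example, not the original page's or any vendor's code. Endpoints used:
GET /v2/ and GET /v2/_catalog, both from the distribution API specification.
"""
import json
import re
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Optional

REALM_RE = re.compile(r'realm="([^"]*)"')


@dataclass
class Verdict:
    anonymous_ping: bool              # GET /v2/ returned 200 without credentials
    anonymous_catalog: bool           # GET /v2/_catalog returned a repository list
    looks_like_registry: bool         # Docker-Distribution-API-Version header present
    repositories: list = field(default_factory=list)
    auth_realm: Optional[str] = None  # token realm from the 401 challenge, if any

    @property
    def exposed(self) -> bool:
        """Exposed means anonymous users can list what the registry holds."""
        return self.anonymous_catalog


def header(headers: dict, name: str) -> Optional[str]:
    """Case-insensitive header lookup (proxies often change header casing)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def classify(ping_status, ping_headers, catalog_status, catalog_body) -> Verdict:
    """Turn raw responses into a verdict; pure function so it runs offline."""
    api_version = header(ping_headers, "Docker-Distribution-API-Version") or ""
    realm = REALM_RE.search(header(ping_headers, "WWW-Authenticate") or "")
    verdict = Verdict(anonymous_ping=(ping_status == 200), anonymous_catalog=False,
                      looks_like_registry=api_version.startswith("registry/2.0"),
                      auth_realm=realm.group(1) if realm else None)
    # Only a 200 whose body has the documented {"repositories": [...]} shape counts;
    # a reverse proxy that answers 200 with an HTML page for every path must not.
    if catalog_status == 200 and catalog_body:
        try:
            repos = json.loads(catalog_body).get("repositories")
        except (ValueError, AttributeError):
            repos = None
        if isinstance(repos, list):
            verdict.anonymous_catalog = True
            verdict.repositories = [r for r in repos if isinstance(r, str)]
    return verdict


def fetch(url: str, timeout: float = 5.0):
    """GET without credentials; return (status, headers, body) even on 4xx/5xx."""
    req = urllib.request.Request(url, headers={"User-Agent": "registry-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read().decode("utf-8", "replace")


def probe(base_url: str) -> Verdict:
    """Probe a live registry, e.g. probe('https://registry.example.test')."""
    base = base_url.rstrip("/")
    ping_status, ping_headers, _ = fetch(base + "/v2/")
    if ping_status != 200:
        return classify(ping_status, ping_headers, None, None)
    catalog_status, _, catalog_body = fetch(base + "/v2/_catalog?n=100")
    return classify(ping_status, ping_headers, catalog_status, catalog_body)


# Constructed sample responses (placeholders, not captured from a real registry).
SAMPLES = {
    "locked-down": (401, {"WWW-Authenticate": 'Bearer realm="https://auth.example.test/token",'
                                              'service="registry.example.test"',
                          "Docker-Distribution-API-Version": "registry/2.0"}, None, None),
    "anonymous-listing": (200, {"docker-distribution-api-version": "registry/2.0"}, 200,
                          '{"repositories":["app/api","infra/base"]}'),
    "ping-only": (200, {}, 401, '{"errors":[{"code":"UNAUTHORIZED"}]}'),
    "proxy-200": (200, {}, 200, "<html>not a registry</html>"),
}


def classify_samples() -> dict:
    """Run the classifier over the constructed samples."""
    return {name: classify(*args) for name, args in SAMPLES.items()}


if __name__ == "__main__":
    results = {u: probe(u) for u in sys.argv[1:]} if sys.argv[1:] else classify_samples()
    for name, v in results.items():
        state = "EXPOSED" if v.exposed else ("ping only" if v.anonymous_ping else "auth required")
        print(f"{name}: {state}; realm={v.auth_realm}; repos={len(v.repositories)}")
```

Run it with one or more registry URLs to probe them, or with no arguments to see the verdicts on the constructed samples. A 200 on /v2/ alone is not treated as exposure, since some deployments permit the version check but protect the catalog, and a 200 whose body is not the documented JSON shape is ignored so that a catch-all reverse proxy does not produce a false positive.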