Data at risk

Azure Container Registry with Unrestricted Network Access

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCPA, CPRA, GDPR, HITRUST, ISO 27701, iso_27001_2022, iso_27002_2022, Microsoft Cloud Security Benchmark, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-190, NIST 800-53, Orca Best Practices, PDPA, UK Cyber Essentials

Description

Azure Container Registry is a managed, private Docker registry service which is used to store and manage your private Docker container images and related artifacts. The Container Registry - {AzureContainerRegistry} is configured to be accessible over the public internet. By default, the Container Registry settings allow public access over the internet from any host on any network, which is considered a bad practice.