"AWS Fixes 1-Click Apache Airflow Session Hijack Flaw"

Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) had a vulnerability that enabled session hijacking with a single click. Tenable Research discovered the vulnerability, dubbed "FlowFixation," last year, which Amazon has since fixed. According to researchers, FlowFixation could have been exploited to gain access to another user's AWS MWAA web panel session by an attacker hosting malicious code on their own AWS domain, such as an Amazon API Gateway REST API instance they control. To gain this access, the attacker would need to lure the victim to their own domain, triggering the hosted script to insert a cookie containing the attacker's session ID into the victim's browser. Once the attacker can access the victim's web panel, they could view potentially sensitive workflow data, perform Remote Code Execution (RCE), and move laterally across other services. This article continues to discuss the FlowFixation vulnerability and other issues discovered during the investigation of the flaw. 

SC Media reports "AWS Fixes 1-Click Apache Airflow Session Hijack Flaw"

Submitted by grigby1

Submitted by Gregory Rigby on