FlowFixation: AWS Apache Airflow Service Takeover Vulnerability and Why Neglecting Guardrails Puts Major CSPs at Risk
Tenable
MARCH 21, 2024
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of the web management panel of a victim's Airflow instance. By abusing the vulnerability, an attacker could have forced victims to use and authenticate a session already known to the attacker.