AWS Patches Critical ‘FlowFixation’ Bug in Airflow Service to Prevent Session Hijacking

March 22, 2024 at 10:03AM

Cybersecurity researchers have detailed a now-fixed security vulnerability in AWS Managed Workflows for Apache Airflow, named FlowFixation by Tenable. It could allow a threat actor to hijack sessions, achieve code execution, and perform same-site attacks, impacting AWS, Azure, and Google Cloud. Both AWS and Azure have addressed …

Vulnerability Allowed One-Click Takeover of AWS Service Accounts

March 21, 2024 at 09:45AM

Cybersecurity company Tenable disclosed a one-click vulnerability in an AWS service that allowed complete user account takeover. Named FlowFixation, it affected the Managed Workflows for Apache Airflow service. The flaw, now patched, enabled session manipulation for web management panel takeover and potential remote code execution. Tenable’s wider findings on misconfigured shared-parent domains prompted …