Vulnerability Allowed One-Click Takeover of AWS Service Accounts
March 21, 2024 at 09:45AM Cybersecurity company Tenable disclosed a one-click vulnerability on AWS service allowing complete user account takeover. Named FlowFixation, it affected the Managed Workflows Apache Airflow service. The flaw, now patched, enabled session manipulation for web management panel takeover and potential remote code execution. Tenable’s wider findings on misconfigured shared-parent domains prompted … Read more