FlowFixation Account Takeover Vulnerability Impacts AWS Managed Apache Airflow Service
FlowFixation Account Takeover Vulnerability Impacts AWS Managed Apache Airflow Service
22 March 2024
The FlowFixation account-takeover vulnerability, now fixed by AWS, results from a combination of session fixation on the web management panel of the AWS MWAA together with an Amazon AWS domain misconfiguration that leads to cross-site scripting.