writeups.xyz / FlowFixation: AWS Apache Airflow Service Takeover Vulnerability and Why Neglecting Guardrails Puts Major CSPs at Risk

Submitter : c2a

Date: 21 March 2024

Bounty : undisclosed

Vulnerabilities :

• Cloud
• Account Takeover
• RCE
• Cookie Tossing
• Session Fixation

Programs :

• AWS
• Microsoft (Azure)
• Google (GCP)

Authors :

• Liv Matan (@TerminatorLM)

Link :
https://www.tenable.com/blog/flowfixation-aws-apache-airflow-service-takeover-vulnerability-and-why-neglecting-guardrails