AWS Patches Critical ‘FlowFixation’ Bug in Airflow Service to Stop Session Hijacking


Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims’ sessions and achieve remote code execution on underlying instances.

The vulnerability, now addressed by AWS, has been codenamed FlowFixation by Tenable.

“Upon taking over the victim’s account, the attacker could have performed tasks such as reading connection strings, adding configurations and triggering directed acyclic graphs (DAGS),” senior security researcher Liv Matan said in a technical analysis.

“Under certain circumstances such actions can result in RCE on the instance that underlies the MWAA, and in lateral movement to other services.”


The root cause of the vulnerability, per the cybersecurity firm, is a combination of session fixation on the web management panel of AWS MWAA and an AWS domain misconfiguration that results in a cross-site scripting (XSS) attack.

Session fixation is a web attack technique that occurs when a user is authenticated to a service without invalidating any existing session identifiers. This allows the adversary to force (aka fixate) a known session identifier on a user so that, once the user authenticates, the attacker has access to the authenticated session.


By abusing the shortcoming, a threat actor could have forced victims to use and authenticate the attacker’s known session and ultimately take over the victim’s web management panel.

“FlowFixation highlights a broader issue with the current state of cloud providers’ domain architecture and management as it relates to the Public Suffix List (PSL) and shared-parent domains: same-site attacks,” Matan said, adding the misconfiguration also impacts Microsoft Azure and Google Cloud.

Tenable also pointed out that the shared architecture – where multiple customers have the same parent domain – could be a goldmine for attackers looking to exploit vulnerabilities like same-site attacks, cross-origin issues, and cookie tossing, effectively leading to unauthorized access, data leaks, and code execution.


The shortcoming has been addressed by both AWS and Azure adding the misconfigured domains to PSL, thus causing web browsers to recognize the added domains as a public suffix. Google Cloud, however, has described the issue as not “severe enough” to merit a fix.

“In the case of same-site attacks, the security impact of the mentioned domain architecture is significant, with heightened risk of such attacks in cloud environments,” Matan explained.

“Among these, cookie-tossing attacks and same-site attribute cookie protection bypass are particularly concerning as both can circumvent CSRF protection. Cookie-tossing attacks can also abuse session-fixation issues.”
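The two conditions described above (a login that keeps the pre-login session identifier, and a shared parent domain missing from the PSL) can be modelled together to show why fixing either one breaks the chain. This is an added example, not code from Tenable, AWS or Apache Airflow; the hostnames, the `Panel` class and the simplified cookie rule are constructed assumptions.

```python
import secrets

# Constructed hostnames: two tenants of one provider sharing a parent domain.
PARENT = "cloud-provider.example"
ATTACKER_HOST = "attacker-env." + PARENT
VICTIM_HOST = "victim-env." + PARENT


def browser_accepts(setter_host, cookie_domain, public_suffixes):
    """Simplified browser rule for the Domain attribute of Set-Cookie."""
    if cookie_domain in public_suffixes:
        # A public suffix is only usable as a host-only cookie for that exact host.
        return setter_host == cookie_domain
    return setter_host == cookie_domain or setter_host.endswith("." + cookie_domain)


class Panel:
    """Toy web panel with an in-memory session table (session id -> user)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}

    def login(self, presented_sid, user):
        if self.rotate_on_login or not presented_sid:
            self.sessions.pop(presented_sid, None)  # invalidate the pre-login id
            presented_sid = secrets.token_urlsafe(32)
        self.sessions[presented_sid] = user
        return presented_sid  # value the server would set in the response cookie


def fixation_succeeds(rotate_on_login, public_suffixes):
    """True if a session id chosen by the attacker ends up authenticated."""
    known_sid = "sid-chosen-by-attacker"  # constructed value
    jar = {}
    # Step 1: a page on the sibling subdomain sets a cookie for the parent domain.
    if browser_accepts(ATTACKER_HOST, PARENT, public_suffixes):
        jar["session"] = known_sid
    # Step 2: the victim logs in to their own panel; the browser sends the jar.
    panel = Panel(rotate_on_login)
    panel.login(jar.get("session"), "victim")
    # Step 3: check whether the planted id now maps to the victim's session.
    return panel.sessions.get(known_sid) == "victim"


if __name__ == "__main__":
    print(fixation_succeeds(False, set()), fixation_succeeds(True, {PARENT}))
```

Rotating the identifier at login is the application-side control; the PSL entry is the browser-side control that stops a sibling tenant from setting the parent-domain cookie in the first place.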
