Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA), a popular service for running Apache Airflow workflows on the cloud, was found to contain a vulnerability that would have allowed for one-click account takeover via session fixation. The vulnerability, dubbed FlowFixation, was discovered by Tenable Research last year and has since been fixed by Amazon, according to a Tenable blog post published Thursday.
Source: SC Magazine