AWS fixes 1-click Apache Airflow session hijack flaw

Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA), a popular service for running Apache Airflow workflows on the cloud, was found to contain a vulnerability that would have allowed for session hijacking in one click. The vulnerability, dubbed FlowFixation, was discovered by Tenable Research last year and has since been fixed by Amazon, according to a Tenable blog post published Thursday.

Source: SC Magazine