WRITEUP #382

FlowFixation: AWS Apache Airflow Service Takeover Vulnerability and Why Neglecting Guardrails Puts Major CSPs at Risk

Tags: Cloud, Account takeover, RCE, Cookie tossing, Session fixation
by @terminatorLM (Liv Matan)
Program: AWS, Microsoft (Azure), Google (GCP)
Published: Mar 21, 2024
Added to HackDex: Aug 14, 2024
Read Full Writeup: https://www.tenable.com/blog/flowfixation-aws-apache-airflow-service-takeover-vulnerability-and-why-neglecting-guardrails
RELATED WRITEUPS
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
Cloud, RCE
Forced SSO Session Fixation
Auth Bypass, SSO
Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
RCE, Bruteforce
$500 for Cracking Invitation Code For Unauthorized Access & Account Takeover
RCE, OTP bruteforce
Vulnerabilities in Open Source C2 Frameworks
RCE, OS command injection
