Cybersecurity researchers have disclosed a now-patched security flaw in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could have been exploited by malicious actors. This vulnerability, referred to as FlowFixation by Tenable, could allow attackers to hijack sessions and execute remote code on affected instances.
The flaw was identified and addressed by AWS following a technical analysis by senior security researcher Liv Matan. The exploit involved session fixation on the web management panel of AWS MWAA and a misconfiguration in an AWS domain, resulting in a cross-site scripting (XSS) attack.
By leveraging this vulnerability, attackers could manipulate victims into using the attacker’s session, thereby gaining unauthorized access to the victim’s web management panel. This issue extends beyond AWS to impact other cloud providers like Microsoft Azure and Google Cloud, highlighting concerns about same-site attacks and shared architecture vulnerabilities.
Both AWS and Azure have taken steps to mitigate the issue by adding the misconfigured domains to the Public Suffix List (PSL). However, Google Cloud has deemed the issue less severe and has not implemented a fix. Matan emphasized the importance of addressing these domain architecture issues to prevent unauthorized access, data leaks, and code execution.
Overall, the vulnerability underscores the risks associated with shared parent domains in cloud environments, which can be exploited for unauthorized access and security bypasses. It is crucial for cloud providers to address these vulnerabilities to safeguard their customers’ data and infrastructure.
