VDB

GCVE-110-CLOUD-2024-0048

GCVE-110-CLOUD-2024-0048
Advisory Published
Vulnetix · Advisory published March 21, 2024
A flaw in Amazon Managed Workflows for Apache Airflow (MWAA) could have allowed potential session hijacking and remote code execution. The issue stemmed from a combination of session fixation in the MWAA web management panel and an AWS domain configuration error leading to a cross-site scripting (XSS) attack. Attackers exploiting this could manipulate victims' configurations, trigger workflows, and potentially move laterally to other services within the cloud environment. The exploit of this bug involved deploying malicious code via an Amazon API Gateway that interacts with the victim’s Airflow instance, setting a session cookie that bypasses normal authentication and grants the attacker access.

Affected Products

VendorProductVersionsPlatforms
AWSAPI Gateway
AWSMWAA
AWSConfig
AWSSES

References

FlowFixation
advisory
advisory

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›