VDB
GCVE-110-CLOUD-2024-0048
GCVE-110-CLOUD-2024-0048
Advisory Published
A flaw in Amazon Managed Workflows for Apache Airflow (MWAA) could have allowed potential session hijacking and remote code execution.
The issue stemmed from a combination of session fixation in the MWAA web management panel and an AWS domain configuration error leading
to a cross-site scripting (XSS) attack. Attackers exploiting this could manipulate victims' configurations, trigger workflows, and
potentially move laterally to other services within the cloud environment. The exploit of this bug involved deploying malicious code
via an Amazon API Gateway that interacts with the victim’s Airflow instance, setting a session cookie that bypasses normal authentication
and grants the attacker access.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | API Gateway | — | — |
| AWS | MWAA | — | — |
| AWS | Config | — | — |
| AWS | SES | — | — |
Browse GCVE Records
72,096 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.