Summary Amazon Managed Workflows for Apache Airflow (MWAA) and the Task instance details page in the Google Composer UI were not patched against CVE-2023-29247 (Stored XSS). This meant that post-authentication, a threat actor could have exploited this to store their JavaScript payload in the victim’s managed Apache Airflow instance and run JavaScript on behalf of…

Read More