Workflow Manipulation

medium

workflow-manipulation

Attacker exploits workflow orchestration to bypass security controls or execute unauthorized steps

TamperingElevation of Privilege

MITRE ATT&CK techniques

ID	Name	Tactic
T1078	Valid Accounts	Persistence

Common Weakness Enumeration

Mitigating controls

ctrl-workflow-1: Implement least-privilege execution roles for each workflow step
ctrl-workflow-2: Validate state transitions and inputs at each step
ctrl-workflow-3: Enable comprehensive workflow execution logging
ctrl-workflow-4: Use workflow versioning and change management

References

https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability