Описание
Apache Airflow's create action can upsert existing Pools/Connections/Variables
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.
Пакеты
Наименование
apache-airflow
pip
Затронутые версииВерсия исправления
>= 3.0.0, < 3.1.1
3.1.1
Связанные уязвимости
CVSS3: 4.6
nvd
3 месяца назад
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.
CVSS3: 4.6
debian
3 месяца назад
User with CREATE and no UPDATE privilege for Pools, Connections, Varia ...