Severity: low Affected versions:
- Apache Airflow (apache-airflow> 3.0.0, < 3.1.1) 3.0.0 before 3.1.1 Description: User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action. Credit: Maciej Kawka (finder) References: https://lists.apache.org/thread/3v58249qscyn1hg240gh8hqg9pb4okcr https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-62503 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
