Additional info: Credit:
Apache Airflow PMC would like to thank James Srinivasan for reporting it. On Mon, Nov 14, 2022 at 12:50 AM Jarek Potiuk <pot...@apache.org> wrote: > > Severity: low > > Description: > > A vulnerability in UI of Apache Airflow allows an attacker to view unmasked > secrets in rendered template values for tasks which were not executed (for > example when they were depending on past and previous instances of the task > failed). This issue affects Apache Airflow prior to 2.3.1. > > References: > > https://github.com/apache/airflow/pull/22754 >
