Apache · Apache Airflow · CVE-2023-40712
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow versions prior to 2.7.1
**Description**
An authenticated user who has access to see a task or DAG in the UI can craft a URL that could unmask the task's secret configuration, which would otherwise be masked in the UI. The impact is disclosure of protected information.
**Recommendations**
If you run an Apache Airflow version prior to 2.7.1, upgrade to version 2.7.1 or later, which removes the vulnerability.