Apache · Airflow · CVE-2025-65995
**Name of the Vulnerable Software and Affected Versions**
Airflow versions prior to 3.1.4
Airflow versions prior to 2.11.1
**Description**
A flaw exists in Airflow where the user interface (UI) error reporting could expose sensitive information passed as keyword arguments (`kwargs`) to operators when a Directed Acyclic Graph (DAG) failed during parsing. This exposure was limited to authenticated users with permission to view the affected DAG. The issue could lead to the disclosure of secrets or other sensitive values included within the `kwargs`.
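
Because the exposure concerns values passed directly in operator `kwargs`, one complementary check is to audit DAG files for hard-coded secrets. The following is an added example, not part of the advisory or of Airflow's own code: a standard-library audit that parses DAG source with `ast` and reports keyword arguments or dict keys with sensitive-looking names bound to literal strings. The name heuristic, the exemption for Jinja template strings, `HypotheticalUploadOperator` and the sample DAG are assumptions constructed for illustration.

```python
import ast
import re

# Assumption: names that usually carry credentials (a heuristic, not from the advisory).
SENSITIVE = re.compile(r"passw(or)?d|secret|token|api_?key|credential", re.I)


def _is_literal_secret(node):
    """True for a non-empty string literal that is not a Jinja template reference."""
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and node.value != "" and "{{" not in node.value)


def find_literal_secrets(source, filename="<dag>"):
    """Return sorted (line, name) pairs where a sensitive-looking keyword
    argument or dict key is bound to a hard-coded string."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Call):
            pairs = [(kw.arg, kw.value) for kw in node.keywords if kw.arg]
        elif isinstance(node, ast.Dict):  # e.g. op_kwargs={"api_key": "..."}
            pairs = [(k.value, v) for k, v in zip(node.keys, node.values)
                     if isinstance(k, ast.Constant) and isinstance(k.value, str)]
        else:
            continue
        for name, value in pairs:
            if SENSITIVE.search(name) and _is_literal_secret(value):
                findings.add((value.lineno, name))
    return sorted(findings)


# Constructed sample DAG file; it is only parsed, never imported or executed.
SAMPLE_DAG = '''\
from airflow import DAG
from airflow.operators.python import PythonOperator

with DAG("constructed_example") as dag:
    PythonOperator(
        task_id="push",
        python_callable=push,
        op_kwargs={"api_key": "constructed-not-a-real-key", "region": "eu"},
    )
    HypotheticalUploadOperator(
        task_id="upload",
        password="constructed-not-a-real-password",
        token="{{ var.value.upload_token }}",
    )
'''

if __name__ == "__main__":
    for line, name in find_literal_secrets(SAMPLE_DAG):
        print(f"line {line}: literal value bound to '{name}'")
```

Values built at runtime or unpacked with `**` are not visible to this static check, so a clean result does not replace the upgrade.
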
**Recommendations**
Upgrade to Airflow version 3.1.4 or later.
Upgrade to Airflow version 2.11.1 or later.