Apache · Apache Airflow · CVE-2022-27949
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow versions prior to 2.3.1
**Description**
A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks that were not executed, such as when tasks were depending on past instances and previous instances of the task failed.
**Recommendations**
For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue.