Apache · Apache Airflow · CVE-2023-35005
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow versions 2.5.0 through 2.6.1
**Description**
Apache Airflow may expose sensitive values to users under certain conditions. The impact is mitigated because the default configuration does not show sensitive information in the UI; the exposure applies only when `[webserver] expose_config` is set to `non-sensitive-only`. In addition, not all of the uncensored values are actually sensitive.
**Recommendations**
For Apache Airflow versions 2.5.0 through 2.6.1, update to version 2.6.2 or later to resolve the issue.
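The following audit check is an added example, not code from the Apache Airflow project. It classifies a deployment by the two conditions described above: the version range and the effective `[webserver] expose_config` value. The function names and the sample `airflow.cfg` fragment are constructed for illustration; `AIRFLOW__WEBSERVER__EXPOSE_CONFIG` is Airflow's standard environment-variable override for this option.

```python
import configparser
import re

AFFECTED_MIN = (2, 5, 0)  # first affected release, per the advisory
FIXED_IN = (2, 6, 2)      # first fixed release, per the advisory

# Constructed sample airflow.cfg fragment (not from a real deployment).
SAMPLE_CFG = """
[webserver]
base_url = http://localhost:8080
expose_config = non-sensitive-only
"""


def parse_version(text):
    """Turn '2.6.1' or '2.6.1rc1' into a comparable (major, minor, patch) tuple."""
    match = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in match.groups())


def effective_expose_config(cfg_text, environ):
    """Resolve [webserver] expose_config; the environment variable overrides the file."""
    value = environ.get("AIRFLOW__WEBSERVER__EXPOSE_CONFIG")
    if value is None:
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_string(cfg_text)
        value = parser.get("webserver", "expose_config", fallback="False")
    return value.strip().lower()


def assess(version, cfg_text, environ):
    """Classify one deployment against the conditions this advisory describes."""
    if not (AFFECTED_MIN <= parse_version(version) < FIXED_IN):
        return "version-not-affected"
    if effective_expose_config(cfg_text, environ) == "non-sensitive-only":
        return "affected-and-exposed"
    # Affected release, but the setting named in the advisory is not active.
    return "affected-version-setting-not-matched"


if __name__ == "__main__":
    print(assess("2.6.1", SAMPLE_CFG, {}))
```

Pass `os.environ` as `environ` and the contents of the deployment's `airflow.cfg` as `cfg_text` to run it against a real installation; any result other than `version-not-affected` still calls for the upgrade to 2.6.2 or later.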