Saurabh

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined versions prior to 3.2.1 **Description** The asset dependency graph fails to restrict nodes based on the viewer's DAG read permissions. This allows a user with read access to at least one DAG to browse the asset graph for any other asset in the deployment, enabling them to discover the existence and names of DAGs and assets outside their authorized scope. **Recommendations** Upgrade to version 3.2.1.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 3.1.7 **Description** Authenticated users of the Airflow user interface, with permissions to specific Dags, could view import errors generated by other Dags they were not authorized to access. **Recommendations** Upgrade to version 3.1.7 or later.