Vincbeck

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.8.2 **Description** The issue allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. This is related to the disclosure of information in the error data area. Exploitation of the issue may allow a remote attacker to access the source code of DAGs. **Recommendations** For Apache Airflow versions prior to 2.8.2, upgrade to version 2.8.2 or newer to mitigate the risk associated with this issue. As a temporary workaround, consider restricting access to the API and UI for authenticated users until a patch is available.