apache_airflow is vulnerable to information disclosure. The vulnerability is due to get_rendered_template_fields
of taskinstance.py
because secrets are rendered in the UI when the task has not executed which allows an attacker to view unmasked secrets in the rendered template values.