apache_airflow is vulnerable to an Authorization Bypass. The vulnerability is due improper permission checks which allows an authenticated user with limited permissions to access resources such as variables, connections, etc, from the UI which they do not have permission to access, resulting in sensitive information exposure.