


Perceptive Security
SOC/SIEM Consultancy

Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authen…
Published:
16 March 2026 at 23:00:00
Alert date:
17 March 2026 at 16:02:36
Source:
nvd.nist.gov
Enterprise Applications, Identity & Access
Apache Airflow versions 3.1.0 through 3.1.7 contain a missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints. This vulnerability allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance, representing a privilege escalation issue. The vulnerability affects the workflow orchestration system's access control mechanisms. Users are advised to upgrade to Apache Airflow version 3.1.8 or later to resolve this security issue.
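The bug class described above, as an added example that is neither Airflow's code nor part of the original alert: a simplified model of a handler that checks authentication but not ownership, next to one that enforces ownership. All names (`HITLStore`, `respond_vulnerable`, `respond_hardened`, the `ti-a`/`ti-b` ids) are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Authenticated, but not authorized for this record."""


@dataclass
class HITLStore:
    # task-instance id -> pending HITL request (constructed sample data)
    details: dict = field(default_factory=dict)

    def add(self, ti_id, subject):
        self.details[ti_id] = {"subject": subject, "response": None}


def respond_vulnerable(store, caller_ti_id, target_ti_id, decision):
    # Authentication only: any valid caller identity may act on any record.
    if not caller_ti_id:
        raise Forbidden("unauthenticated")
    store.details[target_ti_id]["response"] = decision
    return store.details[target_ti_id]


def respond_hardened(store, caller_ti_id, target_ti_id, decision):
    # Authorization: the caller must own the record it reads or answers.
    if not caller_ti_id:
        raise Forbidden("unauthenticated")
    if caller_ti_id != target_ti_id:
        raise Forbidden(f"{caller_ti_id} may not act on {target_ti_id}")
    if decision not in ("approve", "reject"):
        raise ValueError("decision must be 'approve' or 'reject'")
    store.details[target_ti_id]["response"] = decision
    return store.details[target_ti_id]


def demo():
    store = HITLStore()
    store.add("ti-a", "deploy to prod?")
    store.add("ti-b", "rotate keys?")
    # Cross-task approval goes through when only authentication is checked.
    cross = respond_vulnerable(store, "ti-b", "ti-a", "approve")["response"]
    store.details["ti-a"]["response"] = None  # reset before the second run
    try:
        respond_hardened(store, "ti-b", "ti-a", "approve")
        blocked = False
    except Forbidden:
        blocked = True
    own = respond_hardened(store, "ti-b", "ti-b", "reject")["response"]
    return cross, blocked, own, store.details["ti-a"]["response"]
```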
Affected products:
Apache Airflow
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-30911
https://github.com/apache/airflow/pull/62886
https://lists.apache.org/thread/1rs2v7fcko2otl6n9ytthcj87cmsgx51
http://www.openwall.com/lists/oss-security/2026/03/17/2
This article was created with the assistance of AI technology by Perceptive.
