A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information. The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kibana | Elastic | 7.2.1 (including) | 7.17.3 (excluding) |
| Kibana | Elastic | 8.0.0 (including) | 8.1.3 (excluding) |