A Cross-Site Request Forgery flaw was found in Kibana: http://seclists.org/bugtraq/2015/Nov/101 https://www.elastic.co/community/security/ This flaw is fixed in Kibana versions 4.1.3 and 4.2.1 Upstream release info: https://www.elastic.co/blog/kibana-4-2-1-and-4-1-3