It was reported that when a custom output is configured for logging in versions of Kibana before 4.5.4 and 4.1.11, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

External Reference: https://www.elastic.co/community/security
This issue has been addressed in the following products:

  Red Hat OpenShift Enterprise 3.2
  Red Hat OpenShift Enterprise 3.1

Via RHSA-2016:1836 https://access.redhat.com/errata/RHSA-2016:1836
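
A defender's check for the exposure described above, as an added example that is not part of the advisory or of Kibana's code: it scans log lines for `authorization` and `cookie` header values and redacts them so existing log files can be audited and cleaned. The JSON record layout and the sample lines are constructed assumptions; the advisory does not specify the log format.

```python
import json
import re

# Header names the advisory says could end up in the log files.
SENSITIVE = {"authorization", "cookie"}
# Fallback for non-JSON lines: "Authorization: ..." or "cookie=..." style text.
TEXT_RE = re.compile(r"(?i)\b(authorization|cookie)\b(\"?\s*[:=]\s*\"?)([^\"\r\n]+)")

def _scrub(node, hits):
    """Recursively redact sensitive keys in parsed JSON, recording key names."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key.lower() in SENSITIVE and value:
                hits.append(key.lower())
                node[key] = "[REDACTED]"
            else:
                _scrub(value, hits)
    elif isinstance(node, list):
        for item in node:
            _scrub(item, hits)

def scrub_line(line):
    """Return (redacted_line, list_of_header_names_found)."""
    hits = []
    try:
        record = json.loads(line)
    except ValueError:
        # Not JSON: redact header-style text in place.
        def repl(m):
            hits.append(m.group(1).lower())
            return m.group(1) + m.group(2) + "[REDACTED]"
        return TEXT_RE.sub(repl, line), hits
    _scrub(record, hits)
    return json.dumps(record, sort_keys=True), hits

# Constructed sample records (assumed layout, not real Kibana output).
SAMPLE = [
    '{"type":"response","req":{"url":"/app/kibana","headers":{"host":"kibana.example","authorization":"Basic ZXhhbXBsZTpleGFtcGxl","cookie":"sid=constructed-session-id"}}}',
    '{"type":"log","message":"Server running"}',
    'GET /status Authorization: Bearer constructed-token',
]

if __name__ == "__main__":
    for n, raw in enumerate(SAMPLE, 1):
        clean, found = scrub_line(raw)
        print(n, sorted(found), clean)
```

Any line that reports a hit means a credential was stored in the log; sessions tied to those values should be invalidated in addition to redacting the file.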