Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. References: https://nvd.nist.gov/vuln/detail/CVE-2017-8439 https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952