Red Hat OpenStack Platform 8.0/9.0 Operational Tools Kibana/Elasticsearch versions do not include nor support X-Pack (8/9 versions must use the optional Shield, also not packaged); not affected.
Red Hat OpenShift Container Platform 4.1, and 3.x do not install the vulnerable package (Shield for Kibana 4, and X-Pack for Kibana 5), so the impact is lowered to moderate.
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.1
Via RHSA-2019:2860 https://access.redhat.com/errata/RHSA-2019:2860