A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring 4 features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerable Kibana instance is not required to view the exposed information.
The Elastic Stack monitoring exposure only impacts users that have set any of the optional monitoring.ui.elasticsearch.* settings in order to configure Kibana as a remote UI for Elastic Stack Monitoring.
The same vulnerability in Kibana could expose other non-sensitive application-internal information in the page source.
Created puppet-kibana3 tracking bugs for this issue:
Affects: openstack-rdo [bug 2077602]