Yuri Astrakhan

**Name of the Vulnerable Software and Affected Versions** Kibana versions 4.0 through 4.6 Kibana versions 5.0 through 5.6.12 Kibana versions 6.0 through 6.4.2 **Description** The issue concerns the way authorization credentials are used when generating PDF reports. If a report requests external resources, plaintext credentials are included in the HTTP request, which could be recovered by an external resource provider. **Recommendations** For versions 4.0 through 4.6, update to a version outside of this range to resolve the issue. For versions 5.0 through 5.6.12, update to a version outside of this range to resolve the issue. For versions 6.0 through 6.4.2, update to a version outside of this range to resolve the issue.