Brian Levine

**Name of the Vulnerable Software and Affected Versions** Kibana (affected versions not specified) **Description** A vulnerability in Kibana is related to the exposure of information. Exploitation of this issue may allow a remote attacker to disclose protected information. The vulnerability can expose sensitive information related to Elastic Stack monitoring in the Kibana page source. This exposure only impacts users who have set any of the optional `monitoring.ui.elasticsearch.*` settings to configure Kibana as a remote UI for Elastic Stack Monitoring. No authentication with a vulnerable Kibana instance is required to view the exposed information. The vulnerability can also expose other non-sensitive application-internal information in the page source. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.