There is this CVE about a vulnerability in JsonWebToken:
This is a vulnerability about insecure input validation in jwt.verify function, in JsonWebToken versions <= 8.5.1.
We are using Kibana 7.8.0 in our product and we see that there are some usages of JsonWebToken in the Kibana files.
My question is, is Kibana vulnerable to this CVE?
7.8 is very much EOL and you are unlikely to get a response for that particular version other than you need to upgrade.
For newer versions I would suggest checking out Security issues | Elastic and emailing firstname.lastname@example.org.
I can't find the CVE in the page you provided, is it possible to get an answer here about this vulnerability for newer versions of Kibana? Or the only place I could get an answer is via email@example.com?