we are using kibana 7.7.1 and our security team has found that the config path /opt/kibana-7.7.1-linux-x86_64/ is visible when we do view source code on browser for kibana dashboard.
/opt/kibana-7.7.1-linux-x86_64/x-pack/plugins this path is also visible in the source code.
The remote web application discloses path information.
kindly let me know is this a vulnerability ? how can we disable this ?