Config path visible in source code of Kibana

parag7610 · July 31, 2020, 7:39am

Hi team,

we are using kibana 7.7.1 and our security team has found that the config path /opt/kibana-7.7.1-linux-x86_64/ is visible when we do view source code on browser for kibana dashboard.

/opt/kibana-7.7.1-linux-x86_64/x-pack/plugins this path is also visible in the source code.

The remote web application discloses path information.
kindly let me know is this a vulnerability ? how can we disable this ?

tsullivan · July 31, 2020, 6:49pm

Thanks for bringing it up! There is a fix in the works.

system · August 28, 2020, 6:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.