Hi! We are currently in production using Kibana and Elasticsearch with the 8.15.3 version (both of them). We were reported with some vulnerabilities that we'd need to fix as soon as possible:
KIbana:
Elasticsearch:
The info we'd need to know is if there will be a fix for them in the next Elasticsearch/Kibana release, or if at least it is planned to solve them. Thanks in advance for the help and let me know if you need more info from our side.
Thank you for your report.
Elastic's security reporting guidelines are available at Security issues | Elastic. Per those guidelines, all reports of potential security issues or vulnerabilities should be sent via email to security@elastic.co
We are unable to discuss potential issues of this nature here. Please send your report to the email address above, where it can be appropriately handled.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.