We have requested a CVE number and will update our forum post and website when the number has been assigned.
Thanks to Vladimir Ivanov (Positive Technologies) for finding and responsibly reporting the issue.
Versions 4.3.1, 4.2.2, and 4.1.4 have addressed the vulnerability.
Users should upgrade Kibana to 4.3.1, 4.2.2, or 4.1.4. This will address the vulnerability.
Found customers are being updated automatically.