currently I'm evaluating 6.x version for getting the fix regarding this:
Given that we cannot move our kibana to 6.4.1, I'd like to bring the patch for this on our code.
(Or at least determine exactly in which conditions would this happen).
Could we have the GitHub link to the patch for this?
Also, if we only have one user allowed for kibana, can this security issue happens?
I'd appreciate any info you can provide on this to allow me to secure the environment without need to pick up all the other changes.