Secfurity problems with Kibana's dispalyed error messages


I have a few ELK stacks. Recently, Kibana started having some issues. No problem, I was able to fix, but I noticed the error message displayed in the web browser was very content-rich. Lots of FQDNs, ports and file paths. This isn't the type of information we want end users to see - for purposes malicious or otherwise.

Does anyone know how to configure Kibana's error messages to be generic and NOT show all this additional information?


Do you mean the error messages/stack traces that you get when the browser-side code triggers an error? In that case, those errors are not leaking sensitive information as it is all client-side to the current user's browser. If the error messages are leaking server-side details such as server file paths or configurations, then that's a bug.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.