kibana is vulnerable to arbitrary code execution. The vulnerability exists due to a flaw which allows an attacker to send a malicious request to execute Javascript code since xpack.security.audit.enabled
in the kibana.yml is set to true by default, leading to arbitrary code execution on the host system.