kibana is vulnerable to information disclosure attacks. The vulnerability exists as plaintext credentials are being sent in the HTTP request during the PDF generation process, allowing an external resource provider to view the credentials.
discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
github.com/elastic/kibana/commit/7bac28be6bccbcd3eaace34a60011eb49b96d07e
github.com/elastic/kibana/commit/9f4ec18000a74e269276ff943979799ccbd4d950
github.com/elastic/kibana/pull/24177
github.com/elastic/kibana/pull/24236
www.elastic.co/community/security