kibana is vulnerable to information disclosure. An improperly initialized kibana login screen causes user-entered credentials to be shown in the URL bar and allows untrusted parties to obtain the user’s credentials via access logs or through the Referer
header when the user browses to another website.