Information Disclosure

kibana is vulnerable to information disclosure. An improperly initialized kibana login screen causes user-entered credentials to be shown in the URL bar and allows untrusted parties to obtain the user’s credentials via access logs or through the Referer header when the user browses to another website.