NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
In Kibana 5.4.0 and later, TSVB visualizations contain a stored XSS flaw. Attackers that can edit and create TSVB visualizations can obtain sensitive information, or perform destructive actions, on behalf of the Kibana users who edit the TSVB visualization, CVE-2020-7015.
You must upgrade to 6.8.10. If you are unable to upgrade, set
metrics.enabled:false in your kibana.yml file to disable TSVB.