Kibana 6.8.10edit

Security updateedit

In Kibana 5.4.0 and later, TSVB visualizations contain a stored XSS flaw. Attackers that can edit and create TSVB visualizations can obtain sensitive information, or perform destructive actions, on behalf of the Kibana users who edit the TSVB visualization, CVE-2020-7015.

You must upgrade to 6.8.10. If you are unable to upgrade, set metrics.enabled:false in your kibana.yml file to disable TSVB.