kibana is vulnerable to open redirect. The vulnerability exists due to flawed router path checks which allows an attacker to redirect the user to an arbitrary website.
access.redhat.com/security/cve/cve-2021-22141
bugzilla.suse.com/show_bug.cgi?id=CVE-2021-22141
discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964
github.com/advisories/GHSA-whx6-754g-3x5v
github.com/elastic/kibana/commit/720bc4cc0c0fd388e72066626716663c15880003
www.elastic.co/community/security/