kibana is vulnerable to Arbitrary Code Execution. A remote authenticated attacker with the ability to modify the Kibana yaml or env configuration is able to execute malicious code on the host system via a malicious configuration payload trough the Uptime/Synthetics
feature.
discuss.elastic.co/t/kibana-8-7-1-security-updates/332330
github.com/advisories/GHSA-3x5p-xwf4-5g93
github.com/elastic/kibana/commit/40546954e91188153267c4bc92c65c93e45c71ea
github.com/elastic/kibana/commit/efcababbe5f06e1b6ddf761c632cb9df4eb92082
github.com/elastic/kibana/pull/155759
github.com/elastic/kibana/pull/155818
github.com/elastic/kibana/pull/155948
www.elastic.co/community/security/