Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:*" ] }