Security issues in Kibana plugin - please upgrade

Hi all,

we have found two security issues in the Search Guard Kibana plugin:

  • SISG-9: Kibana user can impersonate as the kibanaserver user when using Single-Sign-On

  • SISG-8: Redirect and XSS vulnerability on the Kibana login page

More information can be found on our Security Issues page:

The issues have already been fixed for Kibana 6.x and 5.6.8. We recommend upgrading the Kibana plugin to the latest version as soon as possible!


Jochen and the Search Guard team


Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication and authorisation.

Coded with love in Berlin, Denmark, Sweden and the US.

Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.

Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.