URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.
{ "cpes": [ "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:node.js:*:*" ], "severity": "Medium" }