The host is installed with kibana before 6.8.11 or 7.x before 7.8.1 and is prone to a denial-of-service vulnerability. A flaw is present in the application, which fails to handle Timelion. Successful exploitation allows attackers to construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive..