The host is installed with Kibana before 6.8.2 or 7.x before 7.2.1 and is prone to a server side request forgery vulnerability. A flaw is present in the application, which fails to properly handle an issue in the graphite integration for Timelion visualizer. Successful exploitation could allow an attacker to access external URL resources as the Kibana process on the host system.