Company
Date Published
Author: Elastic Engineering
Word count: 857
Language: English
Hacker News points: None

Summary

Elastic identified a vulnerability in Kibana's PDF reporting feature, which inadvertently transmitted user authentication credentials in HTTP headers when requesting data from external resources. The vulnerability, affecting versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 of the Elastic Stack, exposes credentials to external resource providers, although there is no evidence of unauthorized use. Users employing this feature should change their credentials as a precaution. Elastic released fixes in versions 5.6.13 and 6.4.3, and provided guidance for managing credentials across different authentication realms, such as Native, File, LDAP, Active Directory, and SAML. Users unable to upgrade are advised to follow recommended security practices and reach out to support if needed.