Clear Dev Tools when logging out a user with X-Pack installed to Kibana

elastic / kibana

Your window into the Elastic Stack

https://www.elastic.co/products/kibana

Other

19.65k stars 8.22k forks source link

Clear Dev Tools when logging out a user with X-Pack installed to Kibana #17658

Open djptek opened 6 years ago

djptek commented 6 years ago

When logging out a user from Kibana and then logging in as a different user using the same Browser, "Dev Tools" exposes any commands cached from the previous user. Even though the new user may not have privileges to run these commands, there still exists potential for inadvertent disclosure of information, hence the security tag. While it is really useful in a single-user scenario to have that cache, I'd suggest some (configurable) mechanism to be able to clear this.

elasticmachine commented 5 years ago

Pinging @elastic/es-ui

cjcenizal commented 5 years ago

This could be addressed by https://github.com/elastic/kibana/issues/17888#issuecomment-501811981.

elasticmachine commented 1 month ago

Pinging @elastic/kibana-management (Team:Kibana Management)