From 9a01d6af149cd683c4fd3bf59d4c50dd4f210138 Mon Sep 17 00:00:00 2001 From: Andy Maksymowicz Date: Wed, 22 Jul 2020 16:16:00 +0000 Subject: [PATCH] Update README.md --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 0266829..9a37aac 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,13 @@ understanding the impact rain might have on your quarterly numbers. For more information about Kibana, please visit https://www.elastic.co/products/kibana. +### Security Warning +Versions of `https-proxy-agent` prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds the to the request with a HTTP status different than 200. This allows an attacker with access to the proxy server to intercept unencrypted communications, which may include sensitive information such as credentials. + +Because of this, If using the **ALL_PROXY** environment variable when installing plugins via the 'kibana-plugin install' command, it could be possible for an attacker to execute a MITM attack. + +DoD organizations **are not** allowed to use the **ALL_PROXY** environment variable until this issue is patched. + ### Installation instructions Please follow the documentation on [running Kibana on Docker](https://www.elastic.co/guide/en/kibana/7.8/docker.html). -- GitLab
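Review bot: The added "Security Warning" section has wording errors in its first two paragraphs: "responds the to the request with a HTTP status different than 200" should read "responds to the request with an HTTP status other than 200", and "Because of this, If using" has a stray capital (suggest "Because of this, if the **ALL_PROXY** environment variable is set when installing plugins via `kibana-plugin install`, ..."). The section says versions of `https-proxy-agent` prior to 2.2.3 are vulnerable but does not say which version this image bundles, so a reader cannot tell from the README whether they are affected; state the bundled version. The phrase "until this issue is patched" also needs a link to the tracking issue, or the fixed version to upgrade to, so the **ALL_PROXY** restriction has a clear end condition. The subject line "Update README.md" does not describe the change; something like "README: warn about https-proxy-agent MITM when ALL_PROXY is set" would make the history searchable.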