A flaw was discovered in Elasticsearch where document and field level security was not applied to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
This vulnerability is out of security support scope for the following products:
* Red Hat JBoss Data Grid 6
* Red Hat JBoss Fuse 6
* Red Hat JBoss Fuse Service Works 6
* Red Hat JBoss BRMS 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Marking services "notaffected" per ./#/task/1990095#comment4 as the feature is only included in a paid/licensed extension.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):