Description
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled: authenticated users were always authorized on the local cluster, ignoring their roles on the remote cluster(s).
Remediation
References
https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3
https://search-guard.com/cve-advisory/