{
  "claim_outcome": "confirmed",
  "claim_block_reason": null,
  "repro_result": "confirmed",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "code_execution",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "Unauthenticated HTTP requests to /api/v1/main/flows/configs and /api/v1/main/executions/trigger/configs/configs (paths ending in /configs) plus an attacker-supplied flow YAML containing arbitrary shell commands.",
  "trigger_path": "AuthenticationFilter.doFilter uses request.getPath().endsWith(\"/configs\") to whitelist the public config endpoint; setting a flow namespace and id to the literal 'configs' makes POST /api/v1/main/flows/configs and POST /api/v1/main/executions/trigger/configs/configs end with '/configs', bypassing Basic Auth. The created flow's shell task then runs an arbitrary OS command in the Kestra worker.",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated": true,
  "blocking_mitigation": null,
  "inferred": false
}
