{
  "claim_outcome": "confirmed",
  "claim_block_reason": null,
  "repro_result": "confirmed",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "code_execution",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "Unauthenticated HTTP POST to /en-US/splunkd/__raw/v1/postgres/recovery/backup and /restore on Splunk Web (port 8000). The attacker controls backupFile (the pg_dump -f / pg_restore file path => arbitrary file create/truncate), database (a libpq connection string allowing hostaddr=<attacker-ip> redirect of pg_dump and passfile=/opt/splunk/var/packages/data/postgres/db/.pgpass + dbname=template1 redirect of pg_restore onto the local Splunk Postgres as the postgres_admin superuser), and the -U Postgres user (taken verbatim from the HTTP Authorization Basic-auth username).",
  "trigger_path": "Remote attacker -> Splunk Web :8000 (no auth) -> proxied PostgreSQL sidecar /v1/postgres/recovery/backup (pg_dump of attacker DB to /tmp/poc) -> /v1/postgres/recovery/restore (pg_restore into local template1 via .pgpass; CHECK constraint fires PL/pgSQL lo_export writing attacker Python over the default-enabled ssg_enable_modular_input.py) -> Splunk modular-input scheduler executes the overwritten script as the splunk user -> /tmp/pwned/MARKER with uid=...(splunk).",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": true,
  "exploit_chain_demonstrated": true,
  "blocking_mitigation": null,
  "inferred": false
}
