{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "Unauthenticated HTTP GET to embedded Camel platform-http subpath (/api/hello) and management subpath (/admin/observe/info) when an explicit authenticationPath is set to the context prefix",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "openjdk-17",
    "maven",
    "camel-platform-http-main",
    "camel-platform-http-vertx",
    "vertx-platform-http-server",
    "camel-management",
    "camel-console"
  ],
  "tested_versions": {
    "vulnerable": "4.14.5",
    "fixed": "4.14.6"
  },
  "variant_config": {
    "business_bypass": "camel.server.path=/api + camel.server.authenticationPath=/api",
    "management_bypass": "camel.management.path=/admin + camel.management.authenticationPath=/admin"
  },
  "results": {
    "vulnerable_4.14.5": {
      "biz_default_no_creds": "200",
      "biz_bypass_no_creds": "200"
    },
    "fixed_4.14.6": {
      "biz_default_no_creds": "401",
      "biz_bypass_no_creds": "200",
      "mgmt_default_no_creds": "401",
      "mgmt_bypass_no_creds": "200"
    }
  },
  "proof_artifacts": [
    "logs/variant_summary.log",
    "logs/fixed_biz_bypass_no_creds.txt",
    "logs/fixed_biz_default_no_creds.txt",
    "logs/fixed_mgmt_bypass_info_no_creds.txt",
    "logs/fixed_mgmt_default_info_no_creds.txt",
    "logs/fixed_biz_bypass_app.log",
    "logs/fixed_mgmt_bypass_app.log"
  ],
  "notes": "On fixed 4.14.6: default authPath -> 401 (CVE fix works); explicit authPath=/api -> /api/hello 200 no creds (BYPASS); explicit mgmt authPath=/admin -> /admin/observe/info 200 no creds (info disclosure BYPASS). bypass_confirmed=yes. The fix's resolveAuthenticationPath returns explicit values verbatim and ignores contextPath, so a doc-encouraged context-prefix authPath is registered relative to the sub-router and does not protect subpaths."
}