hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

Expand intel coverage and refresh monitoring

浏览代码
这个提交包含在:
hao
2026-03-18 14:18:09 -07:00
父节点 87008d1bd5
当前提交 00d828d090
修改 3658 个文件,包含 124245 行新增13073 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

11
07-framework-security/platforms/adminer/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `adminer`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 总案例数: `2`
- 近 30 天新增/更新: `2`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:35:08+00:00`
- 待人工/缺浏览器证据: `2`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -30,4 +30,5 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| CVE-2026-25892 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-02-20T20:24:32.147` | - |
| CVE-2026-25878 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2026-02-28T00:18:44.953` | - |

23
07-framework-security/platforms/gitea/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `gitea`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `13`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:35:08+00:00`
- 待人工/缺浏览器证据: `13`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -31,4 +31,19 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
224 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| gitea | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| go-gitea | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
2.6k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

86
07-framework-security/platforms/gitlab-ce/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `gitlab-ce`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `55`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:35:08+00:00`
- 待人工/缺浏览器证据: `55`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -32,4 +32,82 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| MIT License | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| View all Solutions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| AI-Assisted Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 Branches | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Team | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Software Supply Chain Security | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Customer portal | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jobs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Value Stream Management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitLab Services | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get free trial | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Learn | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 1,753 Commits | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Application Security Testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Trust Center | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Customer success stories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Blog | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights for the future of software development
Read the latest | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Analytics & Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Integrations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Handbook | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Product documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Source Code Management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Enterprise | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Partners | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| AI Transparency Center | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Support portal | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Press | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Quick start guides | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Code Suggestions (AI) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Small Business | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Community | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Automated Software Delivery | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| README | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Leadership | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Best practice videos | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Install | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Why GitLab
See the top reasons enterprises choose GitLab
Learn more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Remote | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Investor relations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Forum | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CI/CD | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 0 Tags | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| View all resources | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Software Compliance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Visibility & Measurement | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitLab Duo Agent Platform
Agentic AI for the entire software lifecycle
Meet GitLab Duo | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pricing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Talk to sales | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Public Sector | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Platform
The intelligent orchestration platform for DevSecOps
Explore our Platform | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

67
07-framework-security/platforms/grafana/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `grafana`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `60`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:35:08+00:00`
- 待人工/缺浏览器证据: `60`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -31,4 +31,63 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| GitLab | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Beyla eBPF auto-instrumentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kubernetes Monitoring Get K8s health, performance, and cost monitoring from cluster to container | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| All | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Application Observability Monitor application performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Infrastructure observability Ensure infrastructure health and performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contact us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Performance testing Powered by Grafana k6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana k6 Load testing for engineering teams | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| MySQL | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kafka | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| MongoDB | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Faro Frontend application observability web SDK | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Dashboard templates Try out and share prebuilt visualizations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| All monitoring and visualization integrations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Traces powered by Grafana Tempo | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Synthetic Monitoring powered by Grafana k6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Plugins Connect Grafana to data sources, apps, and more | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| MongoDB | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| AI/ML insights Identify anomalies and reduce toil | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Windows | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Incident Response & Management Detect and respond to incidents with a simplified workflow | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| AppDynamics | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Datadog | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Pyroscope Scalable continuous profiling backend | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Logs powered by Grafana Loki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana for visualization | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Google Cloud | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Alloy OpenTelemetry Collector distribution with Prometheus pipelines | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Docker | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SLO management Create SLOs and error budget alerts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RabbitMQ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Snowflake | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| New Relic | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Prometheus Monitor Kubernetes and cloud native | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Create free account | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Tempo High-scale distributed tracing backend | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Metrics powered by Grafana Mimir and Prometheus | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Linux | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Loki Multi-tenant log aggregation system | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Graphite Scalable monitoring for time series data | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Prometheus exporters Get your metrics into Prometheus quickly | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jira | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Postgres | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenTelemetry Instrument and collect telemetry data | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Oracle | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Query, visualize, and alert on data | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Salesforce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Grafana Mimir Scalable and performant metrics backend | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| AWS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Frontend Observability Gain real user monitoring insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contextual root cause analysis Automated anomaly correlation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| On-call management Flexible on-call management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Alerting Trigger alerts from any data source | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Splunk | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Incident response Routine task automation for incidents | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Application Observability Monitor application performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| All monitoring integrations | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Microsoft Azure | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

67
07-framework-security/platforms/jenkins/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `jenkins`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `60`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:35:08+00:00`
- 待人工/缺浏览器证据: `60`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -31,4 +31,63 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Git Parameter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| JDepend | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User1st uTester | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Overview | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Statistics Gatherer | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Coverage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2025-09-17 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| global-build-stats | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2025-07-09 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Issues | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| ByteGuard Build Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Home | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vulnerabilities and Scoring | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2026-02-18 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Git client | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RSS feed. | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Aqua Security Scanner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Eggplant Runner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Credentials Binding | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| LoadNinja | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Curseforge Publisher | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SAML | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Testsigma Test Plan run | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Start Windocks Containers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2025-10-29 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jakarta Mail API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Extensible Choice Parameter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Publish to Bitbucket | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Apica Loadtest | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2026-03-18 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| BlazeMeter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How We Fix Security Issues | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kryptowire | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Reporting Vulnerabilities | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| IBM Cloud DevOps | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Terminology | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sensedia Api Platform tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins CNA | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2025-12-10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HashiCorp Vault | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| MCP Server | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Advisories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| IFTTT Build Notifier | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenShift Pipeline | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Nexus Task Runner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Overview | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| ReadyAPI Functional Testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Advisory Schedule | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Redpen - Pipeline Reporter for Jira | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| QMetry Test Management | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contributions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Nouvola DiveCloud | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HTML Publisher | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Themis | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenTelemetry | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vulnerabilities in Plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Jenkins Security Advisory 2025-09-03 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Applitools Eyes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Dead Man's Snitch | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

48
07-framework-security/platforms/kibana/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `kibana`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `41`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:35:08+00:00`
- 待人工/缺浏览器证据: `41`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -31,4 +31,44 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-13) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-04) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-34) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 9.3.1 Security Update (ESA-2026-17) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| next page → | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-28) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.11, 9.2.5 Security Update (ESA-2026-14) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security Announcements | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Synthetics Recorder 1.4.15 Security Update (ESA-2026-16) - CVE-2025-6554 and CVE-2025-7657 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Guidelines | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Announcements | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-10) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.7, 9.1.7, and 9.2.1 Security Update (ESA-2025-24) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.11, 9.2.5 Security Update (ESA-2026-15) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Elasticsearch 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-37) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-03) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-35) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Packetbeat 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-02) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-08) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.7, 9.1.7, and 9.2.1 Security Update (ESA-2025-39) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Terms of Service | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Privacy Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Trademarks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-38) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Categories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discuss the Elastic Stack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Packetbeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-30) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Metricbeat 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-01) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.7, 9.1.7, 9.2.1 Security Update (ESA-2025-25) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Elasticsearch 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-33) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About the Security Announcements category | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Brand | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-36) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Elasticsearch 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-27) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Packetbeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-31) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-12) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-05) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Filebeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-32) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Code of Conduct | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Packetbeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-29) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Elasticsearch 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-07) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

32
07-framework-security/platforms/mattermost/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `mattermost`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 总案例数: `20`
- 近 30 天新增/更新: `19`
- 重点 Markdown 案例数: `20`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:35:08+00:00`
- 待人工/缺浏览器证据: `20`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -26,9 +26,29 @@
- `official` [Mattermost Security Updates](https://mattermost.com/security-updates/) (mode=core)
- `official` [NVD Mattermost](https://nvd.nist.gov/vuln/search) (keyword=Mattermost; mode=core)
- `official` [Mattermost Security Updates JSON](https://securityupdates.mattermost.com/security_updates.json) (mode=core)
## 案例列表
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| Issue Identifier | `severity` | `generated` | `triage-manual` | `synthetic` | `official` | `Fix Release Date` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-issue-identifier.md) |
| MMSA-2025-00553 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-4265.md) |
| MMSA-2026-00574 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00574.md) |
| MMSA-2026-00603 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00603.md) |
| MMSA-2026-00624 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00624.md) |
| MMSA-2026-00625 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00625.md) |
| MMSA-2026-00610 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-10` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00610.md) |
| MMSA-2026-00611 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-10` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00611.md) |
| MMSA-2026-00621 | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-05` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00621.md) |
| MMSA-2025-00562 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2025-00562.md) |
| MMSA-2026-00584 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00584.md) |
| MMSA-2026-00589 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00589.md) |
| MMSA-2026-00593 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00593.md) |
| MMSA-2026-00594 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00594.md) |
| MMSA-2026-00598 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00598.md) |
| MMSA-2026-00599 | `high` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-24` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00599.md) |
| MMSA-2025-00566 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2025-00566.md) |
| MMSA-2026-00578 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00578.md) |
| MMSA-2026-00590 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00590.md) |
| MMSA-2026-00595 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-02-23` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00595.md) |

108
07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-4265.md 普通文件
查看文件

@@ -0,0 +1,108 @@
---
title: "MMSA-2025-00553"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-03-16"
updated_date: "2026-03-16"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2025-00553"
- "CVE-2026-4265"
affected_versions:
- "11.3.x <= 11.3.0"
- "11.2.x <= 11.2.2"
- "10.11.x <= 10.11.10"
fixed_versions:
- "11.4.0"
- "11.3.1"
- "11.2.3"
- "10.11.11"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
- "file-upload-validation"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2025-00553
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--CVE-2026-4265`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10`
- 修复版本: `11.4.0, 11.3.1, 11.2.3, 10.11.11`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)

93
07-framework-security/platforms/mattermost/cases/mattermost-issue-identifier.md 普通文件
查看文件

@@ -0,0 +1,93 @@
---
title: "Issue Identifier"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "Fix Release Date"
updated_date: "Fix Release Date"
severity: "severity"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "Issue Identifier"
affected_versions:
- "Affected Versions"
fixed_versions:
- "Fix Versions"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# Issue Identifier
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--Issue Identifier`
- 系统: `mattermost`
- 严重度: `severity`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `Affected Versions`
- 修复版本: `Fix Versions`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

100
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2025-00562.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "MMSA-2025-00562"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-24"
updated_date: "2026-02-24"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2025-00562"
affected_versions:
- "11.4.x <= 11.4.0"
- "11.3.x <= 11.3.1"
- "11.2.x <= 11.2.3"
- "10.11.x <= 10.11.11"
fixed_versions:
- "11.5.0"
- "11.4.1"
- "11.3.2"
- "11.2.4"
- "10.11.12"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2025-00562
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2025-00562`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11`
- 修复版本: `11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

100
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2025-00566.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "MMSA-2025-00566"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-23"
updated_date: "2026-02-23"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2025-00566"
affected_versions:
- "11.4.x <= 11.4.0"
- "11.3.x <= 11.3.1"
- "11.2.x <= 11.2.3"
- "10.11.x <= 10.11.11"
fixed_versions:
- "11.5.0"
- "11.4.1"
- "11.3.2"
- "11.2.4"
- "10.11.12"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2025-00566
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2025-00566`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11`
- 修复版本: `11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

100
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00574.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "MMSA-2026-00574"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-03-16"
updated_date: "2026-03-16"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00574"
affected_versions:
- "11.2.x <= 11.2.2"
- "10.11.x <= 10.11.10"
- "11.4.x <= 11.4.0"
- "11.3.x <= 11.3.1"
fixed_versions:
- "11.5.0"
- "11.2.3"
- "10.11.11"
- "11.4.1"
- "11.3.2"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00574
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00574`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1`
- 修复版本: `11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

100
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00578.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "MMSA-2026-00578"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-23"
updated_date: "2026-02-23"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00578"
affected_versions:
- "11.2.x <= 11.2.2"
- "10.11.x <= 10.11.10"
- "11.4.x <= 11.4.0"
- "11.3.x <= 11.3.1"
fixed_versions:
- "11.5.0"
- "11.2.3"
- "10.11.11"
- "11.4.1"
- "11.3.2"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00578
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00578`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1`
- 修复版本: `11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

93
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00584.md 普通文件
查看文件

@@ -0,0 +1,93 @@
---
title: "MMSA-2026-00584"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-24"
updated_date: "2026-02-24"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00584"
affected_versions:
- "<=11.4 10.11.11.0"
fixed_versions:
- "10.11.12"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00584
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00584`
- 系统: `mattermost`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `<=11.4 10.11.11.0`
- 修复版本: `10.11.12`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

93
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00589.md 普通文件
查看文件

@@ -0,0 +1,93 @@
---
title: "MMSA-2026-00589"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-24"
updated_date: "2026-02-24"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00589"
affected_versions:
- "<=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0"
fixed_versions:
- "10.11.12"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00589
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00589`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `<=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0`
- 修复版本: `10.11.12`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

100
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00590.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "MMSA-2026-00590"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-23"
updated_date: "2026-02-23"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00590"
affected_versions:
- "11.4.x <= 11.4.0"
- "11.3.x <= 11.3.1"
- "11.2.x <= 11.2.3"
- "10.11.x <= 10.11.11"
fixed_versions:
- "11.5.0"
- "11.4.1"
- "11.3.2"
- "11.2.4"
- "10.11.12"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00590
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00590`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11`
- 修复版本: `11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

100
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00593.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "MMSA-2026-00593"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-24"
updated_date: "2026-02-24"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00593"
affected_versions:
- "11.4.x <= 11.4.0"
- "11.3.x <= 11.3.1"
- "11.2.x <= 11.2.3"
- "10.11.x <= 10.11.11"
fixed_versions:
- "11.5.0"
- "11.4.1"
- "11.3.2"
- "11.2.4"
- "10.11.12"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00593
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00593`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11`
- 修复版本: `11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

100
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00594.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "MMSA-2026-00594"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-24"
updated_date: "2026-02-24"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00594"
affected_versions:
- "11.2.x <= 11.2.2"
- "10.11.x <= 10.11.10"
- "11.4.x <= 11.4.0"
- "11.3.x <= 11.3.1"
fixed_versions:
- "11.5.0"
- "11.2.3"
- "10.11.11"
- "11.4.1"
- "11.3.2"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00594
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00594`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1`
- 修复版本: `11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

100
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00595.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "MMSA-2026-00595"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-23"
updated_date: "2026-02-23"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00595"
affected_versions:
- "11.4.x <= 11.4.0"
- "11.3.x <= 11.3.1"
- "11.2.x <= 11.2.3"
- "10.11.x <= 10.11.11"
fixed_versions:
- "11.5.0"
- "11.4.1"
- "11.3.2"
- "11.2.4"
- "10.11.12"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00595
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00595`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11`
- 修复版本: `11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

100
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00598.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "MMSA-2026-00598"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-24"
updated_date: "2026-02-24"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00598"
affected_versions:
- "11.4.x <= 11.4.0"
- "11.3.x <= 11.3.1"
- "11.2.x <= 11.2.3"
- "10.11.x <= 10.11.11"
fixed_versions:
- "11.5.0"
- "11.4.1"
- "11.3.2"
- "11.2.4"
- "10.11.12"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00598
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00598`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11`
- 修复版本: `11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

100
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00599.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "MMSA-2026-00599"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-24"
updated_date: "2026-02-24"
severity: "high"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00599"
affected_versions:
- "11.2.x <= 11.2.2"
- "10.11.x <= 10.11.10"
- "11.4.x <= 11.4.0"
- "11.3.x <= 11.3.1"
fixed_versions:
- "11.5.0"
- "11.2.3"
- "10.11.11"
- "11.4.1"
- "11.3.2"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00599
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00599`
- 系统: `mattermost`
- 严重度: `high`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1`
- 修复版本: `11.5.0, 11.2.3, 10.11.11, 11.4.1, 11.3.2`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

94
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00603.md 普通文件
查看文件

@@ -0,0 +1,94 @@
---
title: "MMSA-2026-00603"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-03-16"
updated_date: "2026-03-16"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00603"
affected_versions:
- "10.11.x <= 10.11.12"
fixed_versions:
- "11.5.0"
- "10.11.13"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00603
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00603`
- 系统: `mattermost`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `10.11.x <= 10.11.12`
- 修复版本: `11.5.0, 10.11.13`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

93
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00610.md 普通文件
查看文件

@@ -0,0 +1,93 @@
---
title: "MMSA-2026-00610"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-03-10"
updated_date: "2026-03-10"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00610"
affected_versions:
- "<=2.3.1"
fixed_versions:
- "2.3.2.0"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00610
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00610`
- 系统: `mattermost`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `<=2.3.1`
- 修复版本: `2.3.2.0`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

93
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00611.md 普通文件
查看文件

@@ -0,0 +1,93 @@
---
title: "MMSA-2026-00611"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-03-10"
updated_date: "2026-03-10"
severity: "low"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00611"
affected_versions:
- "<=2.1.3.0"
fixed_versions:
- "2.3.2.0"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00611
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00611`
- 系统: `mattermost`
- 严重度: `low`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `<=2.1.3.0`
- 修复版本: `2.3.2.0`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

93
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00621.md 普通文件
查看文件

@@ -0,0 +1,93 @@
---
title: "MMSA-2026-00621"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-03-05"
updated_date: "2026-03-05"
severity: "high"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00621"
affected_versions:
- "<=1.4.1"
fixed_versions:
- "1.1.5.0"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00621
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00621`
- 系统: `mattermost`
- 严重度: `high`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `<=1.4.1`
- 修复版本: `1.1.5.0`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

100
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00624.md 普通文件
查看文件

@@ -0,0 +1,100 @@
---
title: "MMSA-2026-00624"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-03-16"
updated_date: "2026-03-16"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00624"
affected_versions:
- "10.11.x <= 10.11.12"
- "11.5.x <= 11.5.0"
- "11.4.x <= 11.4.2"
- "11.3.x <= 11.3.2"
fixed_versions:
- "11.6.0"
- "10.11.13"
- "11.5.1"
- "11.4.3"
- "11.3.3"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00624
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00624`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2`
- 修复版本: `11.6.0, 10.11.13, 11.5.1, 11.4.3, 11.3.3`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

99
07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00625.md 普通文件
查看文件

@@ -0,0 +1,99 @@
---
title: "MMSA-2026-00625"
system_id: "mattermost"
category: "platforms"
advisory_mode: "core"
published_date: "2026-03-16"
updated_date: "2026-03-16"
severity: "medium"
exploit_status: "unknown"
source_confidence: "official"
verification_status: "triage-manual"
verification_mode: "synthetic"
artifact_mode: "synthetic"
last_run_id: ""
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "MMSA-2026-00625"
affected_versions:
- "10.11.x <= 10.11.12"
- "11.5.x <= 11.5.0"
- "11.4.x <= 11.4.2"
- "11.3.x <= 11.3.2"
fixed_versions:
- "10.11.13"
- "11.5.1"
- "11.4.3"
- "11.3.3"
secure_code_topics:
- "authz-server-side-recheck"
- "xss-output-encoding"
- "token-cookie-storage"
primary_source: "https://securityupdates.mattermost.com/security_updates.json"
---
# MMSA-2026-00625
## 本地实证状态
- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
## 事件层
- Canonical ID: `mattermost--MMSA-2026-00625`
- 系统: `mattermost`
- 严重度: `medium`
- 来源置信度: `official`
- 官方主源: https://securityupdates.mattermost.com/security_updates.json
- 影响版本: `10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2`
- 修复版本: `10.11.13, 11.5.1, 11.4.3, 11.3.3`
## 其他来源
- 无额外来源
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)

59
07-framework-security/platforms/phpmyadmin/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `phpmyadmin`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `50`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:35:08+00:00`
- 待人工/缺浏览器证据: `50`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -31,4 +31,55 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| PMASA-2022-2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2017-9 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| phpMyAdmin security team | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2017-6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2019-5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2019-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download 5.2.3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2019-3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2019-2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| sponsorship program | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2023-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| donating
to our project | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| phpMyAdmin keyring | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2019-4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contribute | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Keybase | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2022-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Support | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2025-1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| issue
tracker | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2017-7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security (current) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Docs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2018-8 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2025-3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| phpMyAdmin | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Try demo | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2017-8 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| hardening label | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2025-2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PMASA-2020-5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| documentation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Try | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RSS feed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |

57
07-framework-security/platforms/redmine/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `redmine`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `0`
- 总案例数: `50`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T18:35:08+00:00`
- 待人工/缺浏览器证据: `50`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
## 目标约束
@@ -31,4 +31,53 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
| 96 revisions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Koya Masuda | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0.7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.12 (2026-03-16) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| All Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.1.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.11 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0.8 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| News | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Help | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Changelog | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Register | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Forums | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User's Guide | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Repository | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.3.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.0.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.1.1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.2.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.12 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.0.13 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Privacy Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer's Guide | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Index by title | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Start page | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Overview | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| FAQ | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0.9 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Roadmap | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Index by date | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.1.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.1.9 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4.1.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Search | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Plugins | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Holger Just | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Redmine Security Scanner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6.0.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5.0.14 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HowTo's | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Activity | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |