更新: 219 个文件 - 2026-03-16 23:45:01

07-framework-security/platforms/gitea/INDEX.md

@@ -10,9 +10,9 @@
 - 重点 Markdown 案例数: `37`
 - 已实证(真实版本): `0`
 - 已实证(synthetic): `0`
-- 阻塞数: `0`
-- 待人工/缺浏览器证据: `37`
-- 最近渲染时间: `2026-03-17T06:28:46+00:00`
+- 阻塞数: `1`
+- 待人工/缺浏览器证据: `36`
+- 最近渲染时间: `2026-03-17T06:35:48+00:00`
 
 ## 目标约束
 
@@ -42,7 +42,7 @@
 | Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:55.747880Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md) |
 | Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.801641Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md) |
 | Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.095775Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md) |
-| Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:48.777563Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md) |
+| Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea | `unknown` | `generated` | `blocked-artifact` | `real` | `official` | `2026-03-03T04:57:48.777563Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md) |
 | Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.087298Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md) |
 | Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.339953Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md) |
 | Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.781753Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md) |

07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md

@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:57:48.777563Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "blocked-artifact"
+verification_mode: "real"
+artifact_mode: "official-image"
+last_run_id: "gitea-gitea--CVE-2025-68939-20260317063330"
 target_types:
   - "lab-local"
   - "lab-public"
@@ -39,12 +39,12 @@ primary_source: "https://github.com/advisories/GHSA-263q-5cv3-xq9g"
 
 ## 本地实证状态
 
-- 实证状态: `triage-manual`
-- 实证方式: `synthetic`
-- Artifact 模式: `synthetic`
-- 最近运行: `-`
+- 实证状态: `blocked-artifact`
+- 实证方式: `real`
+- Artifact 模式: `official-image`
+- 最近运行: `gitea-gitea--CVE-2025-68939-20260317063330`
 - 浏览器证据: `missing`
-- Run Bundle: `-`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330`
 
 ## 事件层