更新: 359 个文件 - 2026-03-16 23:30:01

2026-03-16 23:30:01 -07:00
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:54:04.686907Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -35,6 +39,15 @@ primary_source: "https://github.com/advisories/GHSA-fg3x-rwq9-74cw"

 # Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2018-15192`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:20.787387Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -32,6 +36,15 @@ primary_source: "https://github.com/advisories/GHSA-hf6f-jq25-8gq9"

 # Gitea Remote Code Execution (RCE) in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2018-18926`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:53:57.848904Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-5rh7-6gfj-mc87"

 # Gitea XSS Vulnerability in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2019-1010261`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:17.939867Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-g2qx-6ghw-67hm"

 # Denial of Service in Gitea in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2020-13246`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:18.307544Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-g95p-88p4-76cm"

 # Cross-site Scripting in Gitea in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2021-28378`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:06.638863Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-h3q4-vmw4-cpr5"

 # Path Traversal in Gitea in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2021-29134`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:55:15.307648Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-9f8c-pfvv-p4gm"

 # Buffer Overflow in gitea in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2021-3382`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:07.840324Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-jrpg-35hw-m4p9"

 # Capture-replay in Gitea in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2021-45327`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:33.136607Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-pg38-r834-g45j"

 # Improper Privilege Management in Gitea in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2021-45330`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:07.604662Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-hfmf-q69j-6m5p"

 # Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2021-45331`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:45.472605Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-jr9c-h74f-2v28"

 # Gitea Missing Authorization vulnerability in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2022-0905`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:51:49.844240Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-4rqq-rxvc-v2rc"

 # Gitea Open Redirect in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2022-1058`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:45.577318Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-ph3w-2843-72mx"

 # Stored Cross-site Scripting in gitea in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2022-1928`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:19.647131Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-g7p7-x6w7-w6qg"

 # Arbitrary file deletion in gitea in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2022-27313`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:50:23.949796Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-p5f9-c9j9-g8qx"

 # Shell command injection in gitea in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2022-30781`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:55:04.505871Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-fhv8-m4j4-cww2"

 # Gitea allowed assignment of private issues in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2022-38183`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:54:07.076900Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-8j3v-68w3-3848"

 # Gitea erroneous repo clones in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2022-38795`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:52:41.181693Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-w8xw-7crf-h23x"

 # Gitea vulnerable to Argument Injection in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2022-42968`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.095775Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-cm54-pfmc-xrwx"

 # Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2025-68938`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:48.777563Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-263q-5cv3-xq9g"

 # Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2025-68939`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.087298Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-rrcw-5rjv-vj26"

 # Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2025-68940`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.339953Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-xfq3-qj7j-4565"

 # Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2025-68941`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.781753Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-898p-hh3p-hf9r"

 # Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2025-68942`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.213758Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-jhx5-4vr4-f327"

 # Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2025-68943`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.526913Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-f85h-c7m6-cfpm"

 # Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2025-68944`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:51.457970Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-7xq4-mwcp-q8fx"

 # Gitea: anonymous user can visit private user's project in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2025-68945`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:50.473303Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-hq57-c72x-4774"

 # Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2025-68946`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:49.801641Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -33,6 +37,15 @@ primary_source: "https://github.com/advisories/GHSA-pc73-rj2c-wvf9"

 # Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2025-69413`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.518308Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-8fwc-qjw5-rvgp"

 # Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2026-0798`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:53.977351Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -35,6 +39,15 @@ primary_source: "https://github.com/advisories/GHSA-hgr3-x44x-33hx"

 # Gitea has improper access control for uploaded attachments in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2026-20736`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:57.697708Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-rw22-5hhq-pfpf"

 # Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2026-20750`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.012782Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-2vgv-hgv4-22mh"

 # Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2026-20800`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.692700Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-j8xr-c56q-m8jj"

 # Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2026-20883`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:56.025932Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-9cgq-wp42-4rpq"

 # Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2026-20888`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:55.339967Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-393c-qgvj-3xph"

 # Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2026-20897`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:54.244003Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-qqgv-v353-cv8p"

 # Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2026-20904`
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md
@@ -8,6 +8,10 @@ updated_date: "2026-03-03T04:57:55.747880Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
+verification_status: "triage-manual"
+verification_mode: "synthetic"
+artifact_mode: "synthetic"
+last_run_id: ""
 target_types:
  - "lab-local"
  - "lab-public"
@@ -34,6 +38,15 @@ primary_source: "https://github.com/advisories/GHSA-4xx9-vc8v-87hv"

 # Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea

+## 本地实证状态
+
+- 实证状态: `triage-manual`
+- 实证方式: `synthetic`
+- Artifact 模式: `synthetic`
+- 最近运行: `-`
+- 浏览器证据: `missing`
+- Run Bundle: `-`
+
 ## 事件层

 - Canonical ID: `gitea--CVE-2026-20912`