hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 319 个文件 - 2026-03-31 03:06:10

浏览代码
这个提交包含在:
hao
2026-03-31 03:06:11 -07:00
父节点 e8a083bc68
当前提交 5beac32c48
修改 319 个文件,包含 14120 行新增3144 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

488
08-threat-intel/generated/dashboard/advisories.json
查看文件

@@ -7676,6 +7676,114 @@
"review_state": "needs-version-gap-review"
}
},
"mediawiki--7a3e57910a": {
"canonical_id": "mediawiki--7a3e57910a",
"title": "[MediaWiki-announce] Security pre-release announcement: 1.43.7 / 1.44.4 / 1.45.2",
"summary": "Hi all,\n\nTomorrow we will be issuing a security and maintenance release to all\nsupported branches of MediaWiki.\n\nThe new releases will be:\n\n- 1.43.7\n- 1.44.4\n- 1.45.2\n\nThis will also resolve security issues in bundled extensions, along with\nbug fixes included for maintenance reasons.\n\nThese security issues also affect many unsupported versions of MediaWiki.\n\nWe will make the fixes available in the respective release branches and\nmaster in git. Tarballs will be available for the above mentioned point\nreleases as well.\n\nA summary of some of the security fixes that have gone into non-bundled\nMediaWiki extensions will also follow later.\n\nAs a reminder, MediaWiki 1.39 became EOL in December 2025 and MediaWiki\n1.42 became EOL in June 2025.\n\nMore information on these timelines can be viewed on the version lifecycle\npage at [1].\n\n[1] https://www.mediawiki.org/wiki/Version_lifecycle",
"display_name": "MediaWiki",
"system_id": "mediawiki",
"category": "cms",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"published_at": "Mon, 30 Mar 2026 17:50:26 +0000",
"updated_at": "Mon, 30 Mar 2026 17:50:26 +0000",
"official_source_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/FFD4KWZMOVZQJF4PIIVUTCEHDJLMNZEB/",
"secondary_source_urls": [],
"aliases": [],
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"file-upload-validation",
"plugin-extension-trust-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"entity_refs": [
{
"entity_id": "mediawiki",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mediawiki",
"official": true
}
],
"affected_components": [
{
"name": "MediaWiki",
"entity_id": "mediawiki",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"advisory_scope": "core",
"workflow": {
"workflow_id": "mediawiki--7a3e57910a--workflow",
"vuln_family": "plugin-extension",
"entry_surface": "extension-management-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "plugin-manager-or-admin",
"affected_version_assertion": [
"\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
],
"trigger_vector": "\u5bf9 `plugin-extension` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/plugins",
"/extensions",
"/themes"
],
"input_shape": "\u5728\u6269\u5c55\u7ba1\u7406\u6216\u6269\u5c55\u529f\u80fd\u5165\u53e3\u4e2d\u63d0\u4ea4\u53d7\u63a7\u914d\u7f6e/\u5185\u5bb9\u3002",
"expected_unsafe_behavior": "\u6269\u5c55\u5b89\u88c5\u3001\u914d\u7f6e\u6216\u8fd0\u884c\u7a81\u7834\u4e86\u4fe1\u4efb\u8fb9\u754c\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `plugin-extension` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "needs-version-gap-review"
}
},
"mediawiki--57ad4abb33": {
"canonical_id": "mediawiki--57ad4abb33",
"title": "[MediaWiki-announce] MediaWiki 1.42 is End of Life",
@@ -10165,34 +10273,31 @@
"review_state": "ready"
}
},
"traefik--GHSA-46wh-3698-f2cx": {
"canonical_id": "traefik--GHSA-46wh-3698-f2cx",
"title": "Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)",
"summary": "## Summary\n\nThere is a potential vulnerability in Traefik due to its dependency on an affected version of gRPC-Go (CVE-2026-33186).\n\nA remote, unauthenticated attacker can send gRPC requests with a malformed HTTP/2 `:path` pseudo-header omitting the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server routes such requests correctly, path-based authorization interceptors evaluate the raw non-canonical path and fail to match \"deny\" rules, allowing the request to bypass the policy entirely if a fallback \"allow\" rule is present.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.42\n- https://github.com/traefik/traefik/releases/tag/v3.6.12\n- https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.3\n\n## For more information\n\nIf there are any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n<details>\n<summary>Original Description</summary>\n\n### Summary\nThis CVE hits traefik until Version 3.6.11 and 2.11.41.\ngRPC-Go has an authorization bypass via missing leading slash in :path\n### Details\nAs described in https://github.com/advisories/GHSA-p77j-4mvh-x3m3\n### PoC\nUpdate library version in \nhttps://github.com/traefik/traefik/blob/67c64ed9b25fbb90f1086977a62827133a7aa01b/go.mod#L108\n### Impact\nIs described in https://github.com/advisories/GHSA-p77j-4mvh-x3m3\n\n</details>\n\n\n----------",
"display_name": "Traefik",
"system_id": "traefik",
"category": "servers",
"severity": "medium",
"cvss_score": 4.0,
"mattermost--CVE-2026-27656": {
"canonical_id": "mattermost--CVE-2026-27656",
"title": "Mattermost allows attackers to take over arbitrary user accounts via overly permissive substring matching flaw",
"summary": "Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID {{IsSameUser()}} comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user discovery flow. Mattermost Advisory ID: MMSA-2026-00590",
"display_name": "Mattermost",
"system_id": "mattermost",
"category": "platforms",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-29T15:37:28Z",
"updated_at": "2026-03-29T15:49:22.073498Z",
"official_source_url": "https://github.com/traefik/traefik/security/advisories/GHSA-46wh-3698-f2cx",
"published_at": "2026-03-25T18:31:53Z",
"updated_at": "2026-03-31T05:32:49.079377Z",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27656",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-p77j-4mvh-x3m3",
"https://github.com/traefik/traefik",
"https://github.com/traefik/traefik/blob/67c64ed9b25fbb90f1086977a62827133a7aa01b/go.mod#L108",
"https://github.com/traefik/traefik/releases/tag/v2.11.42",
"https://github.com/traefik/traefik/releases/tag/v3.6.12",
"https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.3"
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"GHSA-46wh-3698-f2cx"
"CVE-2026-27656",
"GHSA-fg35-5rf6-qg3g"
],
"secure_code_topics": [
"proxy-trust-boundary",
"request-smuggling-boundary",
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"verification_status": "triage-manual",
@@ -10206,68 +10311,72 @@
},
"entity_refs": [
{
"entity_id": "traefik",
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "traefik",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "traefik--repo--github-com-traefik-traefik-v3",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "traefik",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "traefik / traefik / v3",
"entity_id": "traefik--repo--github-com-traefik-traefik-v3",
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/traefik/traefik/v3",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<2.11.42",
"introduced=3.0.0-beta3, fixed<3.6.12",
"introduced=3.7.0-ea.1, fixed<3.7.0-ea.3"
"introduced=11.4.0-rc1, fixed<11.4.1",
"introduced=11.3.0-rc1, fixed<11.3.2",
"introduced=11.2.0-rc1, fixed<11.2.4",
"introduced=10.11.0-rc1, fixed<10.11.12",
"introduced=8.0.0-20260105080200-d27a2195068d, fixed<8.0.0-20260217110922-b7d4a1f1f59b"
],
"fixed_version_ranges": [
"2.11.42",
"3.6.12",
"3.7.0-ea.3"
"11.4.1",
"11.3.2",
"11.2.4",
"10.11.12",
"8.0.0-20260217110922-b7d4a1f1f59b"
],
"introduced_version": "introduced=3.7.0-ea.1, fixed<3.7.0-ea.3",
"patched_version": "2.11.42",
"introduced_version": "introduced=8.0.0-20260105080200-d27a2195068d, fixed<8.0.0-20260217110922-b7d4a1f1f59b",
"patched_version": "11.4.1",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"advisory_scope": "repo",
"workflow": {
"workflow_id": "traefik--GHSA-46wh-3698-f2cx--workflow",
"vuln_family": "authz-bypass",
"entry_surface": "privileged-route-or-object-reference",
"workflow_id": "mattermost--CVE-2026-27656--workflow",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<2.11.42, introduced=3.0.0-beta3, fixed<3.6.12, introduced=3.7.0-ea.1, fixed<3.7.0-ea.3",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=11.4.0-rc1, fixed<11.4.1, introduced=11.3.0-rc1, fixed<11.3.2, introduced=11.2.0-rc1, fixed<11.2.4",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "cross-tenant-or-low-privileged-user",
"required_role": "unknown",
"affected_version_assertion": [
"introduced=0, fixed<2.11.42",
"introduced=3.0.0-beta3, fixed<3.6.12",
"introduced=3.7.0-ea.1, fixed<3.7.0-ea.3"
"introduced=11.4.0-rc1, fixed<11.4.1",
"introduced=11.3.0-rc1, fixed<11.3.2",
"introduced=11.2.0-rc1, fixed<11.2.4",
"introduced=10.11.0-rc1, fixed<10.11.12",
"introduced=8.0.0-20260105080200-d27a2195068d, fixed<8.0.0-20260217110922-b7d4a1f1f59b"
],
"trigger_vector": "\u5bf9 `authz-bypass` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/*",
"/api/private/*",
"/tenant/*"
"/repo"
],
"input_shape": "\u4f7f\u7528\u4f4e\u6743\u9650\u8eab\u4efd\u8bbf\u95ee\u9ad8\u6743\u9650\u5bf9\u8c61\u6216\u8de8\u79df\u6237\u8d44\u6e90\u3002",
"expected_unsafe_behavior": "\u4f4e\u6743\u9650\u8eab\u4efd\u53ef\u8bbf\u95ee\u672c\u4e0d\u5e94\u53ef\u89c1\u7684\u6570\u636e\u6216\u64cd\u4f5c\u3002",
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
@@ -10286,10 +10395,145 @@
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<2.11.42, introduced=3.0.0-beta3, fixed<3.6.12, introduced=3.7.0-ea.1, fixed<3.7.0-ea.3` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `2.11.42`\u3002",
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=11.4.0-rc1, fixed<11.4.1, introduced=11.3.0-rc1, fixed<11.3.2, introduced=11.2.0-rc1, fixed<11.2.4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `11.4.1`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `authz-bypass` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
}
},
"mattermost--CVE-2026-26233": {
"canonical_id": "mattermost--CVE-2026-26233",
"title": "Mattermost doesn't rate limit login requests, allowing DoS",
"summary": "Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service (server crash and restart) via HTTP/2 single packet attack with 100+ parallel login requests.. Mattermost Advisory ID: MMSA-2025-00566",
"display_name": "Mattermost",
"system_id": "mattermost",
"category": "platforms",
"severity": "low",
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-25T18:31:52Z",
"updated_at": "2026-03-31T05:31:41.869147Z",
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26233",
"secondary_source_urls": [
"https://github.com/mattermost/mattermost",
"https://mattermost.com/security-updates"
],
"aliases": [
"CVE-2026-26233",
"GHSA-247x-7qw8-fp98"
],
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"token-cookie-storage",
"dependency-upgrade-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"entity_refs": [
{
"entity_id": "mattermost",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mattermost",
"official": true
},
{
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "mattermost",
"official": false
}
],
"affected_components": [
{
"name": "mattermost / mattermost-server",
"entity_id": "mattermost--repo--github-com-mattermost-mattermost-server",
"scope": "repo",
"package_name": "github.com/mattermost/mattermost-server",
"official": false
}
],
"affected_version_ranges": [
"introduced=11.4.0-rc1, fixed<11.4.1",
"introduced=11.3.0-rc1, fixed<11.3.2",
"introduced=11.2.0-rc1, fixed<11.2.4",
"introduced=10.11.0-rc1, fixed<10.11.12",
"introduced=8.0.0-20260105080200-d27a2195068d, fixed<8.0.0-20260217110922-b7d4a1f1f59b"
],
"fixed_version_ranges": [
"11.4.1",
"11.3.2",
"11.2.4",
"10.11.12",
"8.0.0-20260217110922-b7d4a1f1f59b"
],
"introduced_version": "introduced=8.0.0-20260105080200-d27a2195068d, fixed<8.0.0-20260217110922-b7d4a1f1f59b",
"patched_version": "11.4.1",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"advisory_scope": "repo",
"workflow": {
"workflow_id": "mattermost--CVE-2026-26233--workflow",
"vuln_family": "unknown",
"entry_surface": "repo-surface",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=11.4.0-rc1, fixed<11.4.1, introduced=11.3.0-rc1, fixed<11.3.2, introduced=11.2.0-rc1, fixed<11.2.4",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "unknown",
"affected_version_assertion": [
"introduced=11.4.0-rc1, fixed<11.4.1",
"introduced=11.3.0-rc1, fixed<11.3.2",
"introduced=11.2.0-rc1, fixed<11.2.4",
"introduced=10.11.0-rc1, fixed<10.11.12",
"introduced=8.0.0-20260105080200-d27a2195068d, fixed<8.0.0-20260217110922-b7d4a1f1f59b"
],
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/repo"
],
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=11.4.0-rc1, fixed<11.4.1, introduced=11.3.0-rc1, fixed<11.3.2, introduced=11.2.0-rc1, fixed<11.2.4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `11.4.1`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
@@ -10310,7 +10554,7 @@
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-25T19:41:50Z",
"updated_at": "2026-03-27T21:52:37.272493Z",
"updated_at": "2026-03-30T12:26:07.105030Z",
"official_source_url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-35pf-37c6-jxjv",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-33673",
@@ -10319,6 +10563,7 @@
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
],
"aliases": [
"BIT-prestashop-2026-33673",
"CVE-2026-33673",
"GHSA-35pf-37c6-jxjv"
],
@@ -10498,7 +10743,7 @@
"cvss_score": 3.1,
"exploit_status": "unknown",
"published_at": "2026-03-25T19:40:42Z",
"updated_at": "2026-03-27T21:52:10.658795Z",
"updated_at": "2026-03-30T12:26:06.049752Z",
"official_source_url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v",
"secondary_source_urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2026-33674",
@@ -10507,6 +10752,7 @@
"https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"
],
"aliases": [
"BIT-prestashop-2026-33674",
"CVE-2026-33674",
"GHSA-283w-xf3q-788v"
],
@@ -10672,6 +10918,140 @@
"review_state": "ready"
}
},
"traefik--GHSA-46wh-3698-f2cx": {
"canonical_id": "traefik--GHSA-46wh-3698-f2cx",
"title": "Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)",
"summary": "## Summary\n\nThere is a potential vulnerability in Traefik due to its dependency on an affected version of gRPC-Go (CVE-2026-33186).\n\nA remote, unauthenticated attacker can send gRPC requests with a malformed HTTP/2 `:path` pseudo-header omitting the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server routes such requests correctly, path-based authorization interceptors evaluate the raw non-canonical path and fail to match \"deny\" rules, allowing the request to bypass the policy entirely if a fallback \"allow\" rule is present.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.42\n- https://github.com/traefik/traefik/releases/tag/v3.6.12\n- https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.3\n\n## For more information\n\nIf there are any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n<details>\n<summary>Original Description</summary>\n\n### Summary\nThis CVE hits traefik until Version 3.6.11 and 2.11.41.\ngRPC-Go has an authorization bypass via missing leading slash in :path\n### Details\nAs described in https://github.com/advisories/GHSA-p77j-4mvh-x3m3\n### PoC\nUpdate library version in \nhttps://github.com/traefik/traefik/blob/67c64ed9b25fbb90f1086977a62827133a7aa01b/go.mod#L108\n### Impact\nIs described in https://github.com/advisories/GHSA-p77j-4mvh-x3m3\n\n</details>\n\n\n----------",
"display_name": "Traefik",
"system_id": "traefik",
"category": "servers",
"severity": "medium",
"cvss_score": 4.0,
"exploit_status": "unknown",
"published_at": "2026-03-29T15:37:28Z",
"updated_at": "2026-03-29T15:49:22.073498Z",
"official_source_url": "https://github.com/traefik/traefik/security/advisories/GHSA-46wh-3698-f2cx",
"secondary_source_urls": [
"https://github.com/advisories/GHSA-p77j-4mvh-x3m3",
"https://github.com/traefik/traefik",
"https://github.com/traefik/traefik/blob/67c64ed9b25fbb90f1086977a62827133a7aa01b/go.mod#L108",
"https://github.com/traefik/traefik/releases/tag/v2.11.42",
"https://github.com/traefik/traefik/releases/tag/v3.6.12",
"https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.3"
],
"aliases": [
"GHSA-46wh-3698-f2cx"
],
"secure_code_topics": [
"proxy-trust-boundary",
"request-smuggling-boundary",
"authz-server-side-recheck",
"dependency-upgrade-policy"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"entity_refs": [
{
"entity_id": "traefik",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "traefik",
"official": true
},
{
"entity_id": "traefik--repo--github-com-traefik-traefik-v3",
"entity_type": "repo",
"relation": "affected-component",
"root_system_id": "traefik",
"official": false
}
],
"affected_components": [
{
"name": "traefik / traefik / v3",
"entity_id": "traefik--repo--github-com-traefik-traefik-v3",
"scope": "repo",
"package_name": "github.com/traefik/traefik/v3",
"official": false
}
],
"affected_version_ranges": [
"introduced=0, fixed<2.11.42",
"introduced=3.0.0-beta3, fixed<3.6.12",
"introduced=3.7.0-ea.1, fixed<3.7.0-ea.3"
],
"fixed_version_ranges": [
"2.11.42",
"3.6.12",
"3.7.0-ea.3"
],
"introduced_version": "introduced=3.7.0-ea.1, fixed<3.7.0-ea.3",
"patched_version": "2.11.42",
"version_confidence": "high",
"version_gap_reason": "",
"version_resolution_needed": false,
"advisory_scope": "repo",
"workflow": {
"workflow_id": "traefik--GHSA-46wh-3698-f2cx--workflow",
"vuln_family": "authz-bypass",
"entry_surface": "privileged-route-or-object-reference",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<2.11.42, introduced=3.0.0-beta3, fixed<3.6.12, introduced=3.7.0-ea.1, fixed<3.7.0-ea.3",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "cross-tenant-or-low-privileged-user",
"affected_version_assertion": [
"introduced=0, fixed<2.11.42",
"introduced=3.0.0-beta3, fixed<3.6.12",
"introduced=3.7.0-ea.1, fixed<3.7.0-ea.3"
],
"trigger_vector": "\u5bf9 `authz-bypass` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/*",
"/api/private/*",
"/tenant/*"
],
"input_shape": "\u4f7f\u7528\u4f4e\u6743\u9650\u8eab\u4efd\u8bbf\u95ee\u9ad8\u6743\u9650\u5bf9\u8c61\u6216\u8de8\u79df\u6237\u8d44\u6e90\u3002",
"expected_unsafe_behavior": "\u4f4e\u6743\u9650\u8eab\u4efd\u53ef\u8bbf\u95ee\u672c\u4e0d\u5e94\u53ef\u89c1\u7684\u6570\u636e\u6216\u64cd\u4f5c\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<2.11.42, introduced=3.0.0-beta3, fixed<3.6.12, introduced=3.7.0-ea.1, fixed<3.7.0-ea.3` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `2.11.42`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `authz-bypass` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "ready"
}
},
"traefik--CVE-2026-33433": {
"canonical_id": "traefik--CVE-2026-33433",
"title": "Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField",