更新: 421 个文件 - 2026-03-17 18:30:02

2026-03-17 18:30:02 -07:00
--- a/07-framework-security/platforms/gitea/INDEX.md
+++ b/07-framework-security/platforms/gitea/INDEX.md
@@ -5,14 +5,14 @@
 - 系统 ID: `gitea`
 - 分类: `platforms`
 - 覆盖策略: `rolling-24m`
- 总案例数: `37`
- 近 30 天新增/更新: `37`
- 重点 Markdown 案例数: `37`
+- 总案例数: `30`
+- 近 30 天新增/更新: `30`
+- 重点 Markdown 案例数: `30`
 - 已实证(真实版本): `0`
 - 已实证(synthetic): `0`
- 阻塞数: `1`
- 待人工/缺浏览器证据: `36`
- 最近渲染时间: `2026-03-17T12:57:16+00:00`
+- 阻塞数: `0`
+- 待人工/缺浏览器证据: `30`
+- 最近渲染时间: `2026-03-18T01:29:38+00:00`

 ## 目标约束

@@ -42,8 +42,6 @@
 | Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:55.747880Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md) |
 | Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.801641Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md) |
 | Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.095775Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md) |
-| Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea | `unknown` | `generated` | `blocked-artifact` | `real` | `official` | `2026-03-03T04:57:48.777563Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md) |
-| Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.087298Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md) |
 | Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.339953Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md) |
 | Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.781753Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md) |
 | Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:49.213758Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md) |
@@ -52,9 +50,6 @@
 | Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:57:50.473303Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md) |
 | Gitea vulnerable to Argument Injection in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:41.181693Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md) |
 | Improper Privilege Management in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:33.136607Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md) |
-| Gitea Remote Code Execution (RCE) in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:20.787387Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md) |
-| Denial of Service in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:17.939867Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md) |
-| Cross-site Scripting in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:18.307544Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md) |
 | Gitea Missing Authorization vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:45.472605Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md) |
 | Stored Cross-site Scripting in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:45.577318Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md) |
 | Arbitrary file deletion in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:50:19.647131Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md) |
@@ -63,8 +58,6 @@
 | Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:07.604662Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md) |
 | Capture-replay in Gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:52:07.840324Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md) |
 | Gitea erroneous repo clones in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:54:07.076900Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md) |
-| Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:54:04.686907Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md) |
-| Gitea XSS Vulnerability in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:53:57.848904Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md) |
 | Gitea allowed assignment of private issues in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:55:04.505871Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md) |
 | Buffer Overflow in gitea in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:55:15.307648Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md) |
 | Gitea Open Redirect in code.gitea.io/gitea | `unknown` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-03T04:51:49.844240Z` | [link](/Users/x/websafe/07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md) |
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:54:04.686907Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2018-15192-20260318012749"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -41,12 +41,12 @@ primary_source: "https://github.com/advisories/GHSA-fg3x-rwq9-74cw"

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2018-15192-20260318012749`
 - 浏览器证据: `missing`
- Run Bundle: `-`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749`

 ## 事件层

--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:52:20.787387Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2018-18926-20260318012526"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -38,12 +38,12 @@ primary_source: "https://github.com/advisories/GHSA-hf6f-jq25-8gq9"

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2018-18926-20260318012526`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526`

 ## 事件层

--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:53:57.848904Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2019-1010261-20260318012624"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -39,12 +39,12 @@ primary_source: "https://github.com/advisories/GHSA-5rh7-6gfj-mc87"

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2019-1010261-20260318012624`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624`

 ## 事件层

--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:52:17.939867Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2020-13246-20260318012806"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -39,12 +39,12 @@ primary_source: "https://github.com/advisories/GHSA-g2qx-6ghw-67hm"

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2020-13246-20260318012806`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806`

 ## 事件层

--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:52:18.307544Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2021-28378-20260318012813"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -40,12 +40,12 @@ primary_source: "https://github.com/advisories/GHSA-g95p-88p4-76cm"

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
- 浏览器证据: `missing`
- Run Bundle: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2021-28378-20260318012813`
+- 浏览器证据: `present`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813`

 ## 事件层

--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md
@@ -8,10 +8,10 @@ updated_date: "2026-03-03T04:57:50.087298Z"
 severity: "unknown"
 exploit_status: "unknown"
 source_confidence: "official"
-verification_status: "triage-manual"
-verification_mode: "synthetic"
-artifact_mode: "synthetic"
-last_run_id: ""
+verification_status: "verified-real"
+verification_mode: "real"
+artifact_mode: "local-fixture"
+last_run_id: "gitea-gitea--CVE-2025-68940-20260318012708"
 target_types:
  - "lab-local"
  - "lab-public"
@@ -39,12 +39,12 @@ primary_source: "https://github.com/advisories/GHSA-rrcw-5rjv-vj26"

 ## 本地实证状态

- 实证状态: `triage-manual`
- 实证方式: `synthetic`
- Artifact 模式: `synthetic`
- 最近运行: `-`
+- 实证状态: `verified-real`
+- 实证方式: `real`
+- Artifact 模式: `local-fixture`
+- 最近运行: `gitea-gitea--CVE-2025-68940-20260318012708`
 - 浏览器证据: `missing`
- Run Bundle: `-`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708`

 ## 事件层