hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

更新: 421 个文件 - 2026-03-17 18:30:02

浏览代码
这个提交包含在:
hao
2026-03-17 18:30:02 -07:00
父节点 29c3faaa28
当前提交 a3edc88834
修改 421 个文件,包含 12474 行新增5845 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

145
08-threat-intel/registry/runs/gitea-gitea--CVE-2018-15192-20260318012749.json 普通文件
查看文件

@@ -0,0 +1,145 @@
{
"run_id": "gitea-gitea--CVE-2018-15192-20260318012749",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-15192",
"repro_profile_id": "gitea-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:27:49+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-15192"
},
{
"at": "2026-03-18T01:27:49+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-ssrf"
},
{
"at": "2026-03-18T01:27:49+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:52+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:27:54+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:27:54+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-15192-20260318012749"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:27:49+00:00",
"finished_at": "2026-03-18T01:27:54+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd"
}
}

197
08-threat-intel/registry/runs/gitea-gitea--CVE-2018-18926-20260318012526.json 普通文件
查看文件

@@ -0,0 +1,197 @@
{
"run_id": "gitea-gitea--CVE-2018-18926-20260318012526",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2018-18926",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:25:26+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2018-18926"
},
{
"at": "2026-03-18T01:25:26+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T01:25:27+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:25:41+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:25:42+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:25:43+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:25:43+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:25:45+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:25:45+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2018-18926-20260318012526"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:25:26+00:00",
"finished_at": "2026-03-18T01:25:45+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd"
}
}

197
08-threat-intel/registry/runs/gitea-gitea--CVE-2019-1010261-20260318012624.json 普通文件
查看文件

@@ -0,0 +1,197 @@
{
"run_id": "gitea-gitea--CVE-2019-1010261-20260318012624",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2019-1010261",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:26:24+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2019-1010261"
},
{
"at": "2026-03-18T01:26:24+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T01:26:24+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:26:27+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:26:28+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:26:28+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:26:29+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:26:29+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:26:30+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:26:30+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2019-1010261-20260318012624"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:26:24+00:00",
"finished_at": "2026-03-18T01:26:30+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd"
}
}

197
08-threat-intel/registry/runs/gitea-gitea--CVE-2020-13246-20260318012806.json 普通文件
查看文件

@@ -0,0 +1,197 @@
{
"run_id": "gitea-gitea--CVE-2020-13246-20260318012806",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2020-13246",
"repro_profile_id": "gitea-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json"
],
"baseline_title": "Gitea Proxy Boundary Fixture",
"proof_title": "Gitea Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:28:06+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2020-13246"
},
{
"at": "2026-03-18T01:28:06+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-proxy-boundary"
},
{
"at": "2026-03-18T01:28:07+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:10+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:11+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:11+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2020-13246-20260318012806"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:28:06+00:00",
"finished_at": "2026-03-18T01:28:13+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd"
}
}

197
08-threat-intel/registry/runs/gitea-gitea--CVE-2021-28378-20260318012813.json 普通文件
查看文件

@@ -0,0 +1,197 @@
{
"run_id": "gitea-gitea--CVE-2021-28378-20260318012813",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2021-28378",
"repro_profile_id": "gitea-xss",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.xss",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json"
],
"baseline_title": "Gitea Stored XSS Fixture",
"proof_title": "Gitea Stored XSS Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:28:13+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2021-28378"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-xss"
},
{
"at": "2026-03-18T01:28:13+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:16+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:28:17+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:17+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:18+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:18+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:28:19+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:28:19+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2021-28378-20260318012813"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "stored payload rendered inside the browser proof page"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:28:13+00:00",
"finished_at": "2026-03-18T01:28:19+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd"
}
}

145
08-threat-intel/registry/runs/gitea-gitea--CVE-2025-68940-20260318012708.json 普通文件
查看文件

@@ -0,0 +1,145 @@
{
"run_id": "gitea-gitea--CVE-2025-68940-20260318012708",
"system_id": "gitea",
"advisory_id": "gitea--CVE-2025-68940",
"repro_profile_id": "gitea-authz-bypass",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "gitea.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:27:08+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "gitea--CVE-2025-68940"
},
{
"at": "2026-03-18T01:27:08+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "gitea-authz-bypass"
},
{
"at": "2026-03-18T01:27:08+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:27:11+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:27:12+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:27:12+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "gitea-gitea--CVE-2025-68940-20260318012708"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:27:08+00:00",
"finished_at": "2026-03-18T01:27:12+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd"
}
}

197
08-threat-intel/registry/runs/nextjs-nextjs--CVE-2020-15242-20260318012830.json 普通文件
查看文件

@@ -0,0 +1,197 @@
{
"run_id": "nextjs-nextjs--CVE-2020-15242-20260318012830",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2020-15242",
"repro_profile_id": "nextjs-proxy-boundary",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.proxy-boundary",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json"
}
],
"browser_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
],
"browser_evidence": {
"required": true,
"present": true,
"refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json"
],
"proof_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json"
],
"baseline_title": "Next.js Proxy Boundary Fixture",
"proof_title": "Next.js Proxy Boundary Fixture - proof",
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:28:30+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2020-15242"
},
{
"at": "2026-03-18T01:28:30+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-proxy-boundary"
},
{
"at": "2026-03-18T01:28:31+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "browser-replay-before-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:34+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:28:35+00:00",
"step": "browser-replay-after-attack",
"status": "completed",
"detail": ""
},
{
"at": "2026-03-18T01:28:35+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:28:37+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:28:37+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2020-15242-20260318012830"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "trusted forwarded headers crossed the boundary"
},
{
"name": "browser-present",
"kind": "browser-present",
"passed": true,
"detail": "browser evidence captured"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:28:30+00:00",
"finished_at": "2026-03-18T01:28:37+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd"
}
}

145
08-threat-intel/registry/runs/nextjs-nextjs--CVE-2024-34351-20260318012953.json 普通文件
查看文件

@@ -0,0 +1,145 @@
{
"run_id": "nextjs-nextjs--CVE-2024-34351-20260318012953",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2024-34351",
"repro_profile_id": "nextjs-ssrf",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.ssrf",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:29:53+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2024-34351"
},
{
"at": "2026-03-18T01:29:53+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-ssrf"
},
{
"at": "2026-03-18T01:29:53+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:29:56+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:29:57+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:29:57+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2024-34351-20260318012953"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side callback reached the local sink"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:29:53+00:00",
"finished_at": "2026-03-18T01:29:57+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-34351-20260318012953/timeline.mmd"
}
}

145
08-threat-intel/registry/runs/nextjs-nextjs--CVE-2024-51479-20260318012913.json 普通文件
查看文件

@@ -0,0 +1,145 @@
{
"run_id": "nextjs-nextjs--CVE-2024-51479-20260318012913",
"system_id": "nextjs",
"advisory_id": "nextjs--CVE-2024-51479",
"repro_profile_id": "nextjs-authz-bypass",
"verification_status": "verified-real",
"verification_mode": "real",
"artifact_mode": "local-fixture",
"target_env": "local-docker",
"compose_services": [
"app"
],
"baseline_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
],
"attack_steps": [
{
"kind": "runner",
"tool": "nextjs.authz-bypass",
"status": "completed",
"status_code": 200,
"result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json"
}
],
"browser_refs": [],
"browser_evidence": {
"required": false,
"present": false,
"refs": [],
"baseline_refs": [],
"proof_refs": [],
"baseline_title": null,
"proof_title": null,
"error_kind": null,
"reason": null
},
"container_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log"
],
"request_log_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json",
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json"
],
"compose_refs": [
"/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml"
],
"timeline": [
{
"at": "2026-03-18T01:29:13+00:00",
"step": "select-advisory",
"status": "completed",
"detail": "nextjs--CVE-2024-51479"
},
{
"at": "2026-03-18T01:29:13+00:00",
"step": "resolve-repro-profile",
"status": "completed",
"detail": "nextjs-authz-bypass"
},
{
"at": "2026-03-18T01:29:13+00:00",
"step": "doctor",
"status": "completed",
"detail": "all checks passed"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "provision-compose-environment",
"status": "ready",
"detail": ""
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "wait-ready",
"status": "completed",
"detail": "baseline urls ready (1)"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "seed-environment",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "baseline-snapshot",
"status": "completed",
"detail": "urls=1"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "controlled-attack-chain",
"status": "completed",
"detail": "steps=1"
},
{
"at": "2026-03-18T01:29:16+00:00",
"step": "collect-logs-and-evidence",
"status": "completed",
"detail": "container_logs=1"
},
{
"at": "2026-03-18T01:29:17+00:00",
"step": "cleanup-compose-environment",
"status": "completed",
"detail": "docker compose down completed"
},
{
"at": "2026-03-18T01:29:17+00:00",
"step": "update-registry-and-reports",
"status": "completed",
"detail": "nextjs-nextjs--CVE-2024-51479-20260318012913"
}
],
"success_evaluation": {
"passed": true,
"verification_status": "verified-real",
"blocked_reason": null,
"assertions": [
{
"name": "baseline-ok",
"kind": "baseline-ok",
"passed": true,
"detail": "baseline URLs responded without 5xx or transport errors"
},
{
"name": "runner-success",
"kind": "runner-success",
"passed": true,
"detail": "server-side authorization recheck was bypassed"
}
]
},
"historical_status": "verified-real",
"latest_status": "verified-real",
"started_at": "2026-03-18T01:29:13+00:00",
"finished_at": "2026-03-18T01:29:17+00:00",
"blocked_reason": null,
"report_refs": {
"bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913",
"report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md",
"report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html",
"timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd"
}
}