# 运行 gitea-gitea--CVE-2018-15192-20260318023002

> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle

- 漏洞条目: `gitea--CVE-2018-15192`
- 系统: `gitea`
- Repro Profile: `gitea-ssrf`
- 实证状态: `blocked-artifact`
- 实证方式: `real`
- Artifact 模式: `local-fixture`
- 启动时间: `2026-03-18T02:30:02+00:00`
- 完成时间: `2026-03-18T02:42:30+00:00`
- 阻塞原因: `chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.
Call log:
  - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window
  - <launched> pid=25167
`
- Compose 服务: `app`

## 运行时间线

- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318023002/timeline.mmd)

| 时间 | 步骤 | 状态 | 说明 |
|------|------|------|------|
| `2026-03-18T02:30:02+00:00` | `select-advisory` | `completed` | gitea--CVE-2018-15192 |
| `2026-03-18T02:30:02+00:00` | `resolve-repro-profile` | `completed` | gitea-ssrf |
| `2026-03-18T02:42:30+00:00` | `doctor` | `failed` | chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.
Call log:
  - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window
  - <launched> pid=25167
 |
| `2026-03-18T02:42:30+00:00` | `provision-compose-environment` | `blocked-artifact` | chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded.
Call log:
  - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window
  - <launched> pid=25167
 |
| `2026-03-18T02:42:30+00:00` | `wait-ready` | `skipped` | provisioning blocked |
| `2026-03-18T02:42:30+00:00` | `seed-environment` | `skipped` | runtime steps unavailable |
| `2026-03-18T02:42:30+00:00` | `baseline-snapshot` | `skipped` | no baseline urls or provisioning blocked |
| `2026-03-18T02:42:30+00:00` | `controlled-attack-chain` | `skipped` | provisioning blocked |
| `2026-03-18T02:42:30+00:00` | `collect-logs-and-evidence` | `skipped` | container_logs=0 |
| `2026-03-18T02:42:30+00:00` | `cleanup-compose-environment` | `skipped` | cleanup_policy not destroy |
| `2026-03-18T02:42:30+00:00` | `update-registry-and-reports` | `completed` | gitea-gitea--CVE-2018-15192-20260318023002 |

## Compose 拓扑

- Compose 文件: `-`
- 服务列表: `app`

## 攻击步骤

| 工具/步骤 | 状态 | 结果 |
|-----------|------|------|
| `-` | `skipped` | `no attack steps` |

## 证据摘要

- Baseline: `0`
- 攻击步骤: `0`
- 浏览器证据: `0`
- 容器日志: `0`
- 请求日志: `0`

## 最小化验证说明

- 仅限自有资产、本地靶场或已授权实验目标。
- 默认执行 minimal-proof；不会把破坏性或不可回滚动作作为默认路径。
- 若浏览器证据缺失，前端类案例不会被标为 `verified-*`。