[ { "run_id": "nextjs-nextjs--CVE-2024-51479-20260318012913", "system_id": "nextjs", "advisory_id": "nextjs--CVE-2024-51479", "repro_profile_id": "nextjs-authz-bypass", "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "target_env": "local-docker", "compose_services": [ "app" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json" ], "attack_steps": [ { "kind": "runner", "tool": "nextjs.authz-bypass", "status": "completed", "status_code": 200, "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json" } ], "browser_refs": [], "browser_evidence": { "required": false, "present": false, "refs": [], "baseline_refs": [], "proof_refs": [], "baseline_title": null, "proof_title": null, "error_kind": null, "reason": null }, "container_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log" ], "request_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json" ], "compose_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml" ], "timeline": [ { "at": "2026-03-18T01:29:13+00:00", "step": "select-advisory", "status": "completed", "detail": "nextjs--CVE-2024-51479" }, { "at": "2026-03-18T01:29:13+00:00", "step": "resolve-repro-profile", "status": "completed", "detail": "nextjs-authz-bypass" }, { "at": "2026-03-18T01:29:13+00:00", "step": "doctor", "status": "completed", "detail": "all checks passed" }, { "at": "2026-03-18T01:29:16+00:00", "step": "provision-compose-environment", "status": "ready", "detail": "" }, { "at": "2026-03-18T01:29:16+00:00", "step": "wait-ready", "status": "completed", "detail": "baseline urls ready (1)" }, { "at": "2026-03-18T01:29:16+00:00", "step": "seed-environment", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:29:16+00:00", "step": "baseline-snapshot", "status": "completed", "detail": "urls=1" }, { "at": "2026-03-18T01:29:16+00:00", "step": "controlled-attack-chain", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:29:16+00:00", "step": "collect-logs-and-evidence", "status": "completed", "detail": "container_logs=1" }, { "at": "2026-03-18T01:29:17+00:00", "step": "cleanup-compose-environment", "status": "completed", "detail": "docker compose down completed" }, { "at": "2026-03-18T01:29:17+00:00", "step": "update-registry-and-reports", "status": "completed", "detail": "nextjs-nextjs--CVE-2024-51479-20260318012913" } ], "success_evaluation": { "passed": true, "verification_status": "verified-real", "blocked_reason": null, "assertions": [ { "name": "baseline-ok", "kind": "baseline-ok", "passed": true, "detail": "baseline URLs responded without 5xx or transport errors" }, { "name": "runner-success", "kind": "runner-success", "passed": true, "detail": "server-side authorization recheck was bypassed" } ] }, "historical_status": "verified-real", "latest_status": "verified-real", "started_at": "2026-03-18T01:29:13+00:00", "finished_at": "2026-03-18T01:29:17+00:00", "blocked_reason": null, "report_refs": { "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913", "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md", "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html", "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd" }, "dashboard_refs": { "report_html": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html", "report_md": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md", "timeline": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd", "bundle": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/run.json" }, "browser_links": [], "container_links": [ "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log" ], "request_links": [ "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json", "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json" ], "advisory_meta": { "canonical_id": "nextjs--CVE-2024-51479", "title": "Next.js authorization bypass vulnerability", "summary": "### Impact\nIf a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.\n\n### Patches\nThis issue was patched in Next.js `14.2.15` and later.\n\nIf your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version.\n\n### Workarounds\nThere are no official workarounds for this vulnerability.\n\n#### Credits\nWe'd like to thank [tyage](http://github.com/tyage) (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.", "display_name": "Next.js", "system_id": "nextjs", "category": "frameworks", "severity": "low", "cvss_score": 3.1, "exploit_status": "unknown", "published_at": "2024-12-17T15:09:06Z", "updated_at": "2025-09-10T21:12:24Z", "official_source_url": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f", "secondary_source_urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2024-51479", "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b", "https://github.com/vercel/next.js", "https://github.com/vercel/next.js/releases/tag/v14.2.15" ], "aliases": [ "CVE-2024-51479", "GHSA-7gfc-8cq8-jh5f" ], "secure_code_topics": [ "authz-server-side-recheck", "proxy-trust-boundary", "token-cookie-storage" ], "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "blocked_reason": null, "browser_evidence": { "required": false, "present": false, "refs": [] } }, "profile_meta": { "profile_id": "nextjs-authz-bypass", "vuln_family": "authz-bypass", "provisioning_mode": "real", "destructive_risk": "low", "cleanup_policy": "destroy", "artifact_source": { "strategy": "local-minimal-fixture" }, "success_criteria": [ "Protected route is reachable only after the controlled bypass proof step." ], "seed_actions": [ { "kind": "note", "message": "Seed guest/admin route fixture for server-side recheck." } ], "attack_actions": [ { "kind": "note", "message": "Runner performs local authz bypass proof only." } ], "browser_assertions": { "required": false }, "allowed_target_types": [ "lab-local" ], "required_services": [ "app" ] }, "reasoning_lines": [ "### Impact\nIf a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.\n\n### Patches\nThis issue was patched in Next.js `14.2.15` and later.\n\nIf your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version.\n\n### Workarounds\nThere are no official workarounds for this vulnerability.\n\n#### Credits\nWe'd like to thank [tyage](http://github.com/tyage) (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.", "Seed guest/admin route fixture for server-side recheck.", "Runner performs local authz bypass proof only.", "Protected route is reachable only after the controlled bypass proof step." ], "progress": { "completed": 10, "skipped": 0, "failed": 0, "blocked": 0, "planned": 0, "other": 1 }, "artifact_groups": [ { "key": "reports", "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269", "count": 4, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.html", "label": "report.html", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/report.md", "label": "report.md", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/timeline.mmd", "label": "timeline.mmd", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/run.json", "label": "run.json", "kind": "text" } ] }, { "key": "compose", "label": "Compose \u7f16\u6392", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/compose/compose.yaml", "label": "compose.yaml", "kind": "text" } ] }, { "key": "baseline", "label": "\u57fa\u7ebf\u5feb\u7167", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/baseline.json", "label": "baseline.json", "kind": "text" } ] }, { "key": "attack", "label": "\u653b\u51fb\u8f93\u51fa", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json", "label": "attack.json", "kind": "text" } ] }, { "key": "container", "label": "\u5bb9\u5668\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/docker/app.log", "label": "app.log", "kind": "text" } ] }, { "key": "requests", "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json", "label": "attack.json", "kind": "text" } ] } ] }, { "run_id": "nextjs-nextjs--CVE-2020-15242-20260318012830", "system_id": "nextjs", "advisory_id": "nextjs--CVE-2020-15242", "repro_profile_id": "nextjs-proxy-boundary", "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "target_env": "local-docker", "compose_services": [ "app" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json" ], "attack_steps": [ { "kind": "runner", "tool": "nextjs.proxy-boundary", "status": "completed", "status_code": 200, "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json" } ], "browser_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json" ], "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json" ], "proof_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json" ], "baseline_title": "Next.js Proxy Boundary Fixture", "proof_title": "Next.js Proxy Boundary Fixture - proof", "error_kind": null, "reason": null }, "container_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log" ], "request_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json" ], "compose_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml" ], "timeline": [ { "at": "2026-03-18T01:28:30+00:00", "step": "select-advisory", "status": "completed", "detail": "nextjs--CVE-2020-15242" }, { "at": "2026-03-18T01:28:30+00:00", "step": "resolve-repro-profile", "status": "completed", "detail": "nextjs-proxy-boundary" }, { "at": "2026-03-18T01:28:31+00:00", "step": "doctor", "status": "completed", "detail": "all checks passed" }, { "at": "2026-03-18T01:28:34+00:00", "step": "provision-compose-environment", "status": "ready", "detail": "" }, { "at": "2026-03-18T01:28:34+00:00", "step": "wait-ready", "status": "completed", "detail": "baseline urls ready (1)" }, { "at": "2026-03-18T01:28:34+00:00", "step": "seed-environment", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:28:34+00:00", "step": "baseline-snapshot", "status": "completed", "detail": "urls=1" }, { "at": "2026-03-18T01:28:34+00:00", "step": "browser-replay-before-attack", "status": "completed", "detail": "" }, { "at": "2026-03-18T01:28:34+00:00", "step": "controlled-attack-chain", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:28:35+00:00", "step": "browser-replay-after-attack", "status": "completed", "detail": "" }, { "at": "2026-03-18T01:28:35+00:00", "step": "collect-logs-and-evidence", "status": "completed", "detail": "container_logs=1" }, { "at": "2026-03-18T01:28:37+00:00", "step": "cleanup-compose-environment", "status": "completed", "detail": "docker compose down completed" }, { "at": "2026-03-18T01:28:37+00:00", "step": "update-registry-and-reports", "status": "completed", "detail": "nextjs-nextjs--CVE-2020-15242-20260318012830" } ], "success_evaluation": { "passed": true, "verification_status": "verified-real", "blocked_reason": null, "assertions": [ { "name": "baseline-ok", "kind": "baseline-ok", "passed": true, "detail": "baseline URLs responded without 5xx or transport errors" }, { "name": "runner-success", "kind": "runner-success", "passed": true, "detail": "trusted forwarded headers crossed the boundary" }, { "name": "browser-present", "kind": "browser-present", "passed": true, "detail": "browser evidence captured" } ] }, "historical_status": "verified-real", "latest_status": "verified-real", "started_at": "2026-03-18T01:28:30+00:00", "finished_at": "2026-03-18T01:28:37+00:00", "blocked_reason": null, "report_refs": { "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830", "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md", "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html", "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd" }, "dashboard_refs": { "report_html": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html", "report_md": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md", "timeline": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd", "bundle": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/run.json" }, "browser_links": [ "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png", "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html", "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json", "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json", "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json", "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png", "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html", "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json", "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json", "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json" ], "container_links": [ "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log" ], "request_links": [ "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json", "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json" ], "advisory_meta": {}, "profile_meta": { "profile_id": "nextjs-proxy-boundary", "vuln_family": "proxy-boundary", "provisioning_mode": "real", "destructive_risk": "low", "cleanup_policy": "destroy", "artifact_source": { "strategy": "local-minimal-fixture" }, "success_criteria": [ "Middleware trust-boundary proof is visible on the browser proof page." ], "seed_actions": [ { "kind": "note", "message": "Seed middleware boundary fixture with clean proxy state." } ], "attack_actions": [ { "kind": "note", "message": "Runner performs forwarded-header proof against local fixture only." } ], "browser_assertions": { "required": true }, "allowed_target_types": [ "lab-local" ], "required_services": [ "app" ] }, "reasoning_lines": [ "Seed middleware boundary fixture with clean proxy state.", "Runner performs forwarded-header proof against local fixture only.", "Middleware trust-boundary proof is visible on the browser proof page." ], "progress": { "completed": 12, "skipped": 0, "failed": 0, "blocked": 0, "planned": 0, "other": 1 }, "artifact_groups": [ { "key": "reports", "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269", "count": 4, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.html", "label": "report.html", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/report.md", "label": "report.md", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/timeline.mmd", "label": "timeline.mmd", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/run.json", "label": "run.json", "kind": "text" } ] }, { "key": "compose", "label": "Compose \u7f16\u6392", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/compose/compose.yaml", "label": "compose.yaml", "kind": "text" } ] }, { "key": "baseline", "label": "\u57fa\u7ebf\u5feb\u7167", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline.json", "label": "baseline.json", "kind": "text" } ] }, { "key": "attack", "label": "\u653b\u51fb\u8f93\u51fa", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json", "label": "attack.json", "kind": "text" } ] }, { "key": "browser", "label": "\u6d4f\u89c8\u5668\u8bc1\u636e", "count": 10, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline.png", "label": "baseline.png", "kind": "image" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/baseline-dom.html", "label": "baseline-dom.html", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-console.json", "label": "baseline-console.json", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-network.json", "label": "baseline-network.json", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/baseline-page.json", "label": "baseline-page.json", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof.png", "label": "proof.png", "kind": "image" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/assets/proof-dom.html", "label": "proof-dom.html", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-console.json", "label": "proof-console.json", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-network.json", "label": "proof-network.json", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/proof-page.json", "label": "proof-page.json", "kind": "text" } ] }, { "key": "container", "label": "\u5bb9\u5668\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/docker/app.log", "label": "app.log", "kind": "text" } ] }, { "key": "requests", "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2020-15242-20260318012830/logs/attack.json", "label": "attack.json", "kind": "text" } ] } ] }, { "run_id": "gitea-gitea--CVE-2021-28378-20260318012813", "system_id": "gitea", "advisory_id": "gitea--CVE-2021-28378", "repro_profile_id": "gitea-xss", "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "target_env": "local-docker", "compose_services": [ "app" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json" ], "attack_steps": [ { "kind": "runner", "tool": "gitea.xss", "status": "completed", "status_code": 200, "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json" } ], "browser_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json" ], "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json" ], "proof_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json" ], "baseline_title": "Gitea Stored XSS Fixture", "proof_title": "Gitea Stored XSS Fixture - proof", "error_kind": null, "reason": null }, "container_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log" ], "request_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json" ], "compose_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml" ], "timeline": [ { "at": "2026-03-18T01:28:13+00:00", "step": "select-advisory", "status": "completed", "detail": "gitea--CVE-2021-28378" }, { "at": "2026-03-18T01:28:13+00:00", "step": "resolve-repro-profile", "status": "completed", "detail": "gitea-xss" }, { "at": "2026-03-18T01:28:13+00:00", "step": "doctor", "status": "completed", "detail": "all checks passed" }, { "at": "2026-03-18T01:28:16+00:00", "step": "provision-compose-environment", "status": "ready", "detail": "" }, { "at": "2026-03-18T01:28:16+00:00", "step": "wait-ready", "status": "completed", "detail": "baseline urls ready (1)" }, { "at": "2026-03-18T01:28:16+00:00", "step": "seed-environment", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:28:16+00:00", "step": "baseline-snapshot", "status": "completed", "detail": "urls=1" }, { "at": "2026-03-18T01:28:17+00:00", "step": "browser-replay-before-attack", "status": "completed", "detail": "" }, { "at": "2026-03-18T01:28:17+00:00", "step": "controlled-attack-chain", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:28:18+00:00", "step": "browser-replay-after-attack", "status": "completed", "detail": "" }, { "at": "2026-03-18T01:28:18+00:00", "step": "collect-logs-and-evidence", "status": "completed", "detail": "container_logs=1" }, { "at": "2026-03-18T01:28:19+00:00", "step": "cleanup-compose-environment", "status": "completed", "detail": "docker compose down completed" }, { "at": "2026-03-18T01:28:19+00:00", "step": "update-registry-and-reports", "status": "completed", "detail": "gitea-gitea--CVE-2021-28378-20260318012813" } ], "success_evaluation": { "passed": true, "verification_status": "verified-real", "blocked_reason": null, "assertions": [ { "name": "baseline-ok", "kind": "baseline-ok", "passed": true, "detail": "baseline URLs responded without 5xx or transport errors" }, { "name": "runner-success", "kind": "runner-success", "passed": true, "detail": "stored payload rendered inside the browser proof page" }, { "name": "browser-present", "kind": "browser-present", "passed": true, "detail": "browser evidence captured" } ] }, "historical_status": "verified-real", "latest_status": "verified-real", "started_at": "2026-03-18T01:28:13+00:00", "finished_at": "2026-03-18T01:28:19+00:00", "blocked_reason": null, "report_refs": { "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813", "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md", "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html", "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd" }, "dashboard_refs": { "report_html": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html", "report_md": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md", "timeline": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd", "bundle": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/run.json" }, "browser_links": [ "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png", "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html", "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json", "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json", "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json", "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png", "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html", "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json", "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json", "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json" ], "container_links": [ "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log" ], "request_links": [ "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json", "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json" ], "advisory_meta": {}, "profile_meta": { "profile_id": "gitea-xss", "vuln_family": "xss", "provisioning_mode": "real", "destructive_risk": "low", "cleanup_policy": "destroy", "artifact_source": { "strategy": "local-minimal-fixture" }, "success_criteria": [ "Browser proof page renders the stored XSS marker after the controlled payload." ], "seed_actions": [ { "kind": "note", "message": "Seed stored content page before browser proof capture." } ], "attack_actions": [ { "kind": "note", "message": "Runner stores inert script payload and captures proof page." } ], "browser_assertions": { "required": true }, "allowed_target_types": [ "lab-local" ], "required_services": [ "app" ] }, "reasoning_lines": [ "Seed stored content page before browser proof capture.", "Runner stores inert script payload and captures proof page.", "Browser proof page renders the stored XSS marker after the controlled payload." ], "progress": { "completed": 12, "skipped": 0, "failed": 0, "blocked": 0, "planned": 0, "other": 1 }, "artifact_groups": [ { "key": "reports", "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269", "count": 4, "items": [ { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.html", "label": "report.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/report.md", "label": "report.md", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/timeline.mmd", "label": "timeline.mmd", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/run.json", "label": "run.json", "kind": "text" } ] }, { "key": "compose", "label": "Compose \u7f16\u6392", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/compose/compose.yaml", "label": "compose.yaml", "kind": "text" } ] }, { "key": "baseline", "label": "\u57fa\u7ebf\u5feb\u7167", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline.json", "label": "baseline.json", "kind": "text" } ] }, { "key": "attack", "label": "\u653b\u51fb\u8f93\u51fa", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json", "label": "attack.json", "kind": "text" } ] }, { "key": "browser", "label": "\u6d4f\u89c8\u5668\u8bc1\u636e", "count": 10, "items": [ { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline.png", "label": "baseline.png", "kind": "image" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/baseline-dom.html", "label": "baseline-dom.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-console.json", "label": "baseline-console.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-network.json", "label": "baseline-network.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/baseline-page.json", "label": "baseline-page.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof.png", "label": "proof.png", "kind": "image" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/assets/proof-dom.html", "label": "proof-dom.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-console.json", "label": "proof-console.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-network.json", "label": "proof-network.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/proof-page.json", "label": "proof-page.json", "kind": "text" } ] }, { "key": "container", "label": "\u5bb9\u5668\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/docker/app.log", "label": "app.log", "kind": "text" } ] }, { "key": "requests", "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2021-28378-20260318012813/logs/attack.json", "label": "attack.json", "kind": "text" } ] } ] }, { "run_id": "gitea-gitea--CVE-2020-13246-20260318012806", "system_id": "gitea", "advisory_id": "gitea--CVE-2020-13246", "repro_profile_id": "gitea-proxy-boundary", "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "target_env": "local-docker", "compose_services": [ "app" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json" ], "attack_steps": [ { "kind": "runner", "tool": "gitea.proxy-boundary", "status": "completed", "status_code": 200, "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json" } ], "browser_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json" ], "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json" ], "proof_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json" ], "baseline_title": "Gitea Proxy Boundary Fixture", "proof_title": "Gitea Proxy Boundary Fixture - proof", "error_kind": null, "reason": null }, "container_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log" ], "request_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json" ], "compose_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml" ], "timeline": [ { "at": "2026-03-18T01:28:06+00:00", "step": "select-advisory", "status": "completed", "detail": "gitea--CVE-2020-13246" }, { "at": "2026-03-18T01:28:06+00:00", "step": "resolve-repro-profile", "status": "completed", "detail": "gitea-proxy-boundary" }, { "at": "2026-03-18T01:28:07+00:00", "step": "doctor", "status": "completed", "detail": "all checks passed" }, { "at": "2026-03-18T01:28:10+00:00", "step": "provision-compose-environment", "status": "ready", "detail": "" }, { "at": "2026-03-18T01:28:10+00:00", "step": "wait-ready", "status": "completed", "detail": "baseline urls ready (1)" }, { "at": "2026-03-18T01:28:10+00:00", "step": "seed-environment", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:28:10+00:00", "step": "baseline-snapshot", "status": "completed", "detail": "urls=1" }, { "at": "2026-03-18T01:28:10+00:00", "step": "browser-replay-before-attack", "status": "completed", "detail": "" }, { "at": "2026-03-18T01:28:10+00:00", "step": "controlled-attack-chain", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:28:11+00:00", "step": "browser-replay-after-attack", "status": "completed", "detail": "" }, { "at": "2026-03-18T01:28:11+00:00", "step": "collect-logs-and-evidence", "status": "completed", "detail": "container_logs=1" }, { "at": "2026-03-18T01:28:13+00:00", "step": "cleanup-compose-environment", "status": "completed", "detail": "docker compose down completed" }, { "at": "2026-03-18T01:28:13+00:00", "step": "update-registry-and-reports", "status": "completed", "detail": "gitea-gitea--CVE-2020-13246-20260318012806" } ], "success_evaluation": { "passed": true, "verification_status": "verified-real", "blocked_reason": null, "assertions": [ { "name": "baseline-ok", "kind": "baseline-ok", "passed": true, "detail": "baseline URLs responded without 5xx or transport errors" }, { "name": "runner-success", "kind": "runner-success", "passed": true, "detail": "trusted forwarded headers crossed the boundary" }, { "name": "browser-present", "kind": "browser-present", "passed": true, "detail": "browser evidence captured" } ] }, "historical_status": "verified-real", "latest_status": "verified-real", "started_at": "2026-03-18T01:28:06+00:00", "finished_at": "2026-03-18T01:28:13+00:00", "blocked_reason": null, "report_refs": { "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806", "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md", "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html", "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd" }, "dashboard_refs": { "report_html": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html", "report_md": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md", "timeline": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd", "bundle": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/run.json" }, "browser_links": [ "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png", "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html", "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json", "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json", "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json", "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png", "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html", "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json", "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json", "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json" ], "container_links": [ "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log" ], "request_links": [ "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json", "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json" ], "advisory_meta": {}, "profile_meta": { "profile_id": "gitea-proxy-boundary", "vuln_family": "proxy-boundary", "provisioning_mode": "real", "destructive_risk": "low", "cleanup_policy": "destroy", "artifact_source": { "strategy": "local-minimal-fixture" }, "success_criteria": [ "Local fixture proves trusted proxy headers cross the admin boundary." ], "seed_actions": [ { "kind": "note", "message": "Seed forwarded-header boundary fixture with clean state." } ], "attack_actions": [ { "kind": "note", "message": "Runner performs local forwarded-header trust proof only inside the fixture." } ], "browser_assertions": { "required": true }, "allowed_target_types": [ "lab-local" ], "required_services": [ "app" ] }, "reasoning_lines": [ "Seed forwarded-header boundary fixture with clean state.", "Runner performs local forwarded-header trust proof only inside the fixture.", "Local fixture proves trusted proxy headers cross the admin boundary." ], "progress": { "completed": 12, "skipped": 0, "failed": 0, "blocked": 0, "planned": 0, "other": 1 }, "artifact_groups": [ { "key": "reports", "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269", "count": 4, "items": [ { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.html", "label": "report.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/report.md", "label": "report.md", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/timeline.mmd", "label": "timeline.mmd", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/run.json", "label": "run.json", "kind": "text" } ] }, { "key": "compose", "label": "Compose \u7f16\u6392", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/compose/compose.yaml", "label": "compose.yaml", "kind": "text" } ] }, { "key": "baseline", "label": "\u57fa\u7ebf\u5feb\u7167", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline.json", "label": "baseline.json", "kind": "text" } ] }, { "key": "attack", "label": "\u653b\u51fb\u8f93\u51fa", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json", "label": "attack.json", "kind": "text" } ] }, { "key": "browser", "label": "\u6d4f\u89c8\u5668\u8bc1\u636e", "count": 10, "items": [ { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline.png", "label": "baseline.png", "kind": "image" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/baseline-dom.html", "label": "baseline-dom.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-console.json", "label": "baseline-console.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-network.json", "label": "baseline-network.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/baseline-page.json", "label": "baseline-page.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof.png", "label": "proof.png", "kind": "image" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/assets/proof-dom.html", "label": "proof-dom.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-console.json", "label": "proof-console.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-network.json", "label": "proof-network.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/proof-page.json", "label": "proof-page.json", "kind": "text" } ] }, { "key": "container", "label": "\u5bb9\u5668\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/docker/app.log", "label": "app.log", "kind": "text" } ] }, { "key": "requests", "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2020-13246-20260318012806/logs/attack.json", "label": "attack.json", "kind": "text" } ] } ] }, { "run_id": "gitea-gitea--CVE-2018-15192-20260318012749", "system_id": "gitea", "advisory_id": "gitea--CVE-2018-15192", "repro_profile_id": "gitea-ssrf", "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "target_env": "local-docker", "compose_services": [ "app" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json" ], "attack_steps": [ { "kind": "runner", "tool": "gitea.ssrf", "status": "completed", "status_code": 200, "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json" } ], "browser_refs": [], "browser_evidence": { "required": false, "present": false, "refs": [], "baseline_refs": [], "proof_refs": [], "baseline_title": null, "proof_title": null, "error_kind": null, "reason": null }, "container_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log" ], "request_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json" ], "compose_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml" ], "timeline": [ { "at": "2026-03-18T01:27:49+00:00", "step": "select-advisory", "status": "completed", "detail": "gitea--CVE-2018-15192" }, { "at": "2026-03-18T01:27:49+00:00", "step": "resolve-repro-profile", "status": "completed", "detail": "gitea-ssrf" }, { "at": "2026-03-18T01:27:49+00:00", "step": "doctor", "status": "completed", "detail": "all checks passed" }, { "at": "2026-03-18T01:27:52+00:00", "step": "provision-compose-environment", "status": "ready", "detail": "" }, { "at": "2026-03-18T01:27:52+00:00", "step": "wait-ready", "status": "completed", "detail": "baseline urls ready (1)" }, { "at": "2026-03-18T01:27:52+00:00", "step": "seed-environment", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:27:52+00:00", "step": "baseline-snapshot", "status": "completed", "detail": "urls=1" }, { "at": "2026-03-18T01:27:52+00:00", "step": "controlled-attack-chain", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:27:52+00:00", "step": "collect-logs-and-evidence", "status": "completed", "detail": "container_logs=1" }, { "at": "2026-03-18T01:27:54+00:00", "step": "cleanup-compose-environment", "status": "completed", "detail": "docker compose down completed" }, { "at": "2026-03-18T01:27:54+00:00", "step": "update-registry-and-reports", "status": "completed", "detail": "gitea-gitea--CVE-2018-15192-20260318012749" } ], "success_evaluation": { "passed": true, "verification_status": "verified-real", "blocked_reason": null, "assertions": [ { "name": "baseline-ok", "kind": "baseline-ok", "passed": true, "detail": "baseline URLs responded without 5xx or transport errors" }, { "name": "runner-success", "kind": "runner-success", "passed": true, "detail": "server-side callback reached the local sink" } ] }, "historical_status": "verified-real", "latest_status": "verified-real", "started_at": "2026-03-18T01:27:49+00:00", "finished_at": "2026-03-18T01:27:54+00:00", "blocked_reason": null, "report_refs": { "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749", "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md", "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html", "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd" }, "dashboard_refs": { "report_html": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html", "report_md": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md", "timeline": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd", "bundle": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/run.json" }, "browser_links": [], "container_links": [ "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log" ], "request_links": [ "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json", "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json" ], "advisory_meta": {}, "profile_meta": { "profile_id": "gitea-ssrf", "vuln_family": "ssrf", "provisioning_mode": "real", "destructive_risk": "low", "cleanup_policy": "destroy", "artifact_source": { "strategy": "local-minimal-fixture" }, "success_criteria": [ "Server-side callback reaches the local sink and is recorded in proof output." ], "seed_actions": [ { "kind": "note", "message": "Seed local sink counters only." } ], "attack_actions": [ { "kind": "note", "message": "Runner triggers callback strictly to local sink endpoint." } ], "browser_assertions": { "required": false }, "allowed_target_types": [ "lab-local" ], "required_services": [ "app" ] }, "reasoning_lines": [ "Seed local sink counters only.", "Runner triggers callback strictly to local sink endpoint.", "Server-side callback reaches the local sink and is recorded in proof output." ], "progress": { "completed": 10, "skipped": 0, "failed": 0, "blocked": 0, "planned": 0, "other": 1 }, "artifact_groups": [ { "key": "reports", "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269", "count": 4, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.html", "label": "report.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/report.md", "label": "report.md", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/timeline.mmd", "label": "timeline.mmd", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/run.json", "label": "run.json", "kind": "text" } ] }, { "key": "compose", "label": "Compose \u7f16\u6392", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/compose/compose.yaml", "label": "compose.yaml", "kind": "text" } ] }, { "key": "baseline", "label": "\u57fa\u7ebf\u5feb\u7167", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/baseline.json", "label": "baseline.json", "kind": "text" } ] }, { "key": "attack", "label": "\u653b\u51fb\u8f93\u51fa", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json", "label": "attack.json", "kind": "text" } ] }, { "key": "container", "label": "\u5bb9\u5668\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/docker/app.log", "label": "app.log", "kind": "text" } ] }, { "key": "requests", "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-15192-20260318012749/logs/attack.json", "label": "attack.json", "kind": "text" } ] } ] }, { "run_id": "gitea-gitea--CVE-2025-68940-20260318012708", "system_id": "gitea", "advisory_id": "gitea--CVE-2025-68940", "repro_profile_id": "gitea-authz-bypass", "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "target_env": "local-docker", "compose_services": [ "app" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json" ], "attack_steps": [ { "kind": "runner", "tool": "gitea.authz-bypass", "status": "completed", "status_code": 200, "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json" } ], "browser_refs": [], "browser_evidence": { "required": false, "present": false, "refs": [], "baseline_refs": [], "proof_refs": [], "baseline_title": null, "proof_title": null, "error_kind": null, "reason": null }, "container_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log" ], "request_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json" ], "compose_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml" ], "timeline": [ { "at": "2026-03-18T01:27:08+00:00", "step": "select-advisory", "status": "completed", "detail": "gitea--CVE-2025-68940" }, { "at": "2026-03-18T01:27:08+00:00", "step": "resolve-repro-profile", "status": "completed", "detail": "gitea-authz-bypass" }, { "at": "2026-03-18T01:27:08+00:00", "step": "doctor", "status": "completed", "detail": "all checks passed" }, { "at": "2026-03-18T01:27:11+00:00", "step": "provision-compose-environment", "status": "ready", "detail": "" }, { "at": "2026-03-18T01:27:11+00:00", "step": "wait-ready", "status": "completed", "detail": "baseline urls ready (1)" }, { "at": "2026-03-18T01:27:11+00:00", "step": "seed-environment", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:27:11+00:00", "step": "baseline-snapshot", "status": "completed", "detail": "urls=1" }, { "at": "2026-03-18T01:27:11+00:00", "step": "controlled-attack-chain", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:27:11+00:00", "step": "collect-logs-and-evidence", "status": "completed", "detail": "container_logs=1" }, { "at": "2026-03-18T01:27:12+00:00", "step": "cleanup-compose-environment", "status": "completed", "detail": "docker compose down completed" }, { "at": "2026-03-18T01:27:12+00:00", "step": "update-registry-and-reports", "status": "completed", "detail": "gitea-gitea--CVE-2025-68940-20260318012708" } ], "success_evaluation": { "passed": true, "verification_status": "verified-real", "blocked_reason": null, "assertions": [ { "name": "baseline-ok", "kind": "baseline-ok", "passed": true, "detail": "baseline URLs responded without 5xx or transport errors" }, { "name": "runner-success", "kind": "runner-success", "passed": true, "detail": "server-side authorization recheck was bypassed" } ] }, "historical_status": "verified-real", "latest_status": "verified-real", "started_at": "2026-03-18T01:27:08+00:00", "finished_at": "2026-03-18T01:27:12+00:00", "blocked_reason": null, "report_refs": { "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708", "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md", "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html", "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd" }, "dashboard_refs": { "report_html": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html", "report_md": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md", "timeline": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd", "bundle": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/run.json" }, "browser_links": [], "container_links": [ "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log" ], "request_links": [ "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json", "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json" ], "advisory_meta": {}, "profile_meta": { "profile_id": "gitea-authz-bypass", "vuln_family": "authz-bypass", "provisioning_mode": "real", "destructive_risk": "low", "cleanup_policy": "destroy", "artifact_source": { "strategy": "local-minimal-fixture" }, "success_criteria": [ "Controlled guest request reaches the protected admin route inside the fixture." ], "seed_actions": [ { "kind": "note", "message": "Seed low-privilege and admin boundary fixture state." } ], "attack_actions": [ { "kind": "note", "message": "Runner verifies guest-to-admin bypass only inside fixture route." } ], "browser_assertions": { "required": false }, "allowed_target_types": [ "lab-local" ], "required_services": [ "app" ] }, "reasoning_lines": [ "Seed low-privilege and admin boundary fixture state.", "Runner verifies guest-to-admin bypass only inside fixture route.", "Controlled guest request reaches the protected admin route inside the fixture." ], "progress": { "completed": 10, "skipped": 0, "failed": 0, "blocked": 0, "planned": 0, "other": 1 }, "artifact_groups": [ { "key": "reports", "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269", "count": 4, "items": [ { "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.html", "label": "report.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/report.md", "label": "report.md", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/timeline.mmd", "label": "timeline.mmd", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/run.json", "label": "run.json", "kind": "text" } ] }, { "key": "compose", "label": "Compose \u7f16\u6392", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/compose/compose.yaml", "label": "compose.yaml", "kind": "text" } ] }, { "key": "baseline", "label": "\u57fa\u7ebf\u5feb\u7167", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/baseline.json", "label": "baseline.json", "kind": "text" } ] }, { "key": "attack", "label": "\u653b\u51fb\u8f93\u51fa", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json", "label": "attack.json", "kind": "text" } ] }, { "key": "container", "label": "\u5bb9\u5668\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/docker/app.log", "label": "app.log", "kind": "text" } ] }, { "key": "requests", "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2025-68940-20260318012708/logs/attack.json", "label": "attack.json", "kind": "text" } ] } ] }, { "run_id": "gitea-gitea--CVE-2019-1010261-20260318012624", "system_id": "gitea", "advisory_id": "gitea--CVE-2019-1010261", "repro_profile_id": "gitea-xss", "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "target_env": "local-docker", "compose_services": [ "app" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json" ], "attack_steps": [ { "kind": "runner", "tool": "gitea.xss", "status": "completed", "status_code": 200, "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json" } ], "browser_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json" ], "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json" ], "proof_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json" ], "baseline_title": "Gitea Stored XSS Fixture", "proof_title": "Gitea Stored XSS Fixture - proof", "error_kind": null, "reason": null }, "container_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log" ], "request_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json" ], "compose_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml" ], "timeline": [ { "at": "2026-03-18T01:26:24+00:00", "step": "select-advisory", "status": "completed", "detail": "gitea--CVE-2019-1010261" }, { "at": "2026-03-18T01:26:24+00:00", "step": "resolve-repro-profile", "status": "completed", "detail": "gitea-xss" }, { "at": "2026-03-18T01:26:24+00:00", "step": "doctor", "status": "completed", "detail": "all checks passed" }, { "at": "2026-03-18T01:26:27+00:00", "step": "provision-compose-environment", "status": "ready", "detail": "" }, { "at": "2026-03-18T01:26:27+00:00", "step": "wait-ready", "status": "completed", "detail": "baseline urls ready (1)" }, { "at": "2026-03-18T01:26:27+00:00", "step": "seed-environment", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:26:27+00:00", "step": "baseline-snapshot", "status": "completed", "detail": "urls=1" }, { "at": "2026-03-18T01:26:28+00:00", "step": "browser-replay-before-attack", "status": "completed", "detail": "" }, { "at": "2026-03-18T01:26:28+00:00", "step": "controlled-attack-chain", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:26:29+00:00", "step": "browser-replay-after-attack", "status": "completed", "detail": "" }, { "at": "2026-03-18T01:26:29+00:00", "step": "collect-logs-and-evidence", "status": "completed", "detail": "container_logs=1" }, { "at": "2026-03-18T01:26:30+00:00", "step": "cleanup-compose-environment", "status": "completed", "detail": "docker compose down completed" }, { "at": "2026-03-18T01:26:30+00:00", "step": "update-registry-and-reports", "status": "completed", "detail": "gitea-gitea--CVE-2019-1010261-20260318012624" } ], "success_evaluation": { "passed": true, "verification_status": "verified-real", "blocked_reason": null, "assertions": [ { "name": "baseline-ok", "kind": "baseline-ok", "passed": true, "detail": "baseline URLs responded without 5xx or transport errors" }, { "name": "runner-success", "kind": "runner-success", "passed": true, "detail": "stored payload rendered inside the browser proof page" }, { "name": "browser-present", "kind": "browser-present", "passed": true, "detail": "browser evidence captured" } ] }, "historical_status": "verified-real", "latest_status": "verified-real", "started_at": "2026-03-18T01:26:24+00:00", "finished_at": "2026-03-18T01:26:30+00:00", "blocked_reason": null, "report_refs": { "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624", "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md", "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html", "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd" }, "dashboard_refs": { "report_html": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html", "report_md": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md", "timeline": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd", "bundle": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/run.json" }, "browser_links": [ "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png", "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html", "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json", "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json", "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json", "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png", "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html", "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json", "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json", "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json" ], "container_links": [ "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log" ], "request_links": [ "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json", "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json" ], "advisory_meta": {}, "profile_meta": { "profile_id": "gitea-xss", "vuln_family": "xss", "provisioning_mode": "real", "destructive_risk": "low", "cleanup_policy": "destroy", "artifact_source": { "strategy": "local-minimal-fixture" }, "success_criteria": [ "Browser proof page renders the stored XSS marker after the controlled payload." ], "seed_actions": [ { "kind": "note", "message": "Seed stored content page before browser proof capture." } ], "attack_actions": [ { "kind": "note", "message": "Runner stores inert script payload and captures proof page." } ], "browser_assertions": { "required": true }, "allowed_target_types": [ "lab-local" ], "required_services": [ "app" ] }, "reasoning_lines": [ "Seed stored content page before browser proof capture.", "Runner stores inert script payload and captures proof page.", "Browser proof page renders the stored XSS marker after the controlled payload." ], "progress": { "completed": 12, "skipped": 0, "failed": 0, "blocked": 0, "planned": 0, "other": 1 }, "artifact_groups": [ { "key": "reports", "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269", "count": 4, "items": [ { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.html", "label": "report.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/report.md", "label": "report.md", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/timeline.mmd", "label": "timeline.mmd", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/run.json", "label": "run.json", "kind": "text" } ] }, { "key": "compose", "label": "Compose \u7f16\u6392", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/compose/compose.yaml", "label": "compose.yaml", "kind": "text" } ] }, { "key": "baseline", "label": "\u57fa\u7ebf\u5feb\u7167", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline.json", "label": "baseline.json", "kind": "text" } ] }, { "key": "attack", "label": "\u653b\u51fb\u8f93\u51fa", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json", "label": "attack.json", "kind": "text" } ] }, { "key": "browser", "label": "\u6d4f\u89c8\u5668\u8bc1\u636e", "count": 10, "items": [ { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline.png", "label": "baseline.png", "kind": "image" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/baseline-dom.html", "label": "baseline-dom.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-console.json", "label": "baseline-console.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-network.json", "label": "baseline-network.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/baseline-page.json", "label": "baseline-page.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof.png", "label": "proof.png", "kind": "image" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/assets/proof-dom.html", "label": "proof-dom.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-console.json", "label": "proof-console.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-network.json", "label": "proof-network.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/proof-page.json", "label": "proof-page.json", "kind": "text" } ] }, { "key": "container", "label": "\u5bb9\u5668\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/docker/app.log", "label": "app.log", "kind": "text" } ] }, { "key": "requests", "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2019-1010261-20260318012624/logs/attack.json", "label": "attack.json", "kind": "text" } ] } ] }, { "run_id": "gitea-gitea--CVE-2018-18926-20260318012526", "system_id": "gitea", "advisory_id": "gitea--CVE-2018-18926", "repro_profile_id": "gitea-proxy-boundary", "verification_status": "verified-real", "verification_mode": "real", "artifact_mode": "local-fixture", "target_env": "local-docker", "compose_services": [ "app" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json" ], "attack_steps": [ { "kind": "runner", "tool": "gitea.proxy-boundary", "status": "completed", "status_code": 200, "result_path": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json" } ], "browser_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json" ], "browser_evidence": { "required": true, "present": true, "refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json" ], "proof_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json" ], "baseline_title": "Gitea Proxy Boundary Fixture", "proof_title": "Gitea Proxy Boundary Fixture - proof", "error_kind": null, "reason": null }, "container_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log" ], "request_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json" ], "compose_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml" ], "timeline": [ { "at": "2026-03-18T01:25:26+00:00", "step": "select-advisory", "status": "completed", "detail": "gitea--CVE-2018-18926" }, { "at": "2026-03-18T01:25:26+00:00", "step": "resolve-repro-profile", "status": "completed", "detail": "gitea-proxy-boundary" }, { "at": "2026-03-18T01:25:27+00:00", "step": "doctor", "status": "completed", "detail": "all checks passed" }, { "at": "2026-03-18T01:25:41+00:00", "step": "provision-compose-environment", "status": "ready", "detail": "" }, { "at": "2026-03-18T01:25:42+00:00", "step": "wait-ready", "status": "completed", "detail": "baseline urls ready (1)" }, { "at": "2026-03-18T01:25:42+00:00", "step": "seed-environment", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:25:42+00:00", "step": "baseline-snapshot", "status": "completed", "detail": "urls=1" }, { "at": "2026-03-18T01:25:42+00:00", "step": "browser-replay-before-attack", "status": "completed", "detail": "" }, { "at": "2026-03-18T01:25:42+00:00", "step": "controlled-attack-chain", "status": "completed", "detail": "steps=1" }, { "at": "2026-03-18T01:25:43+00:00", "step": "browser-replay-after-attack", "status": "completed", "detail": "" }, { "at": "2026-03-18T01:25:43+00:00", "step": "collect-logs-and-evidence", "status": "completed", "detail": "container_logs=1" }, { "at": "2026-03-18T01:25:45+00:00", "step": "cleanup-compose-environment", "status": "completed", "detail": "docker compose down completed" }, { "at": "2026-03-18T01:25:45+00:00", "step": "update-registry-and-reports", "status": "completed", "detail": "gitea-gitea--CVE-2018-18926-20260318012526" } ], "success_evaluation": { "passed": true, "verification_status": "verified-real", "blocked_reason": null, "assertions": [ { "name": "baseline-ok", "kind": "baseline-ok", "passed": true, "detail": "baseline URLs responded without 5xx or transport errors" }, { "name": "runner-success", "kind": "runner-success", "passed": true, "detail": "trusted forwarded headers crossed the boundary" }, { "name": "browser-present", "kind": "browser-present", "passed": true, "detail": "browser evidence captured" } ] }, "historical_status": "verified-real", "latest_status": "verified-real", "started_at": "2026-03-18T01:25:26+00:00", "finished_at": "2026-03-18T01:25:45+00:00", "blocked_reason": null, "report_refs": { "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526", "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md", "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html", "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd" }, "dashboard_refs": { "report_html": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html", "report_md": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md", "timeline": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd", "bundle": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/run.json" }, "browser_links": [ "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png", "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html", "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json", "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json", "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json", "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png", "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html", "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json", "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json", "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json" ], "container_links": [ "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log" ], "request_links": [ "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json", "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json" ], "advisory_meta": {}, "profile_meta": { "profile_id": "gitea-proxy-boundary", "vuln_family": "proxy-boundary", "provisioning_mode": "real", "destructive_risk": "low", "cleanup_policy": "destroy", "artifact_source": { "strategy": "local-minimal-fixture" }, "success_criteria": [ "Local fixture proves trusted proxy headers cross the admin boundary." ], "seed_actions": [ { "kind": "note", "message": "Seed forwarded-header boundary fixture with clean state." } ], "attack_actions": [ { "kind": "note", "message": "Runner performs local forwarded-header trust proof only inside the fixture." } ], "browser_assertions": { "required": true }, "allowed_target_types": [ "lab-local" ], "required_services": [ "app" ] }, "reasoning_lines": [ "Seed forwarded-header boundary fixture with clean state.", "Runner performs local forwarded-header trust proof only inside the fixture.", "Local fixture proves trusted proxy headers cross the admin boundary." ], "progress": { "completed": 12, "skipped": 0, "failed": 0, "blocked": 0, "planned": 0, "other": 1 }, "artifact_groups": [ { "key": "reports", "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269", "count": 4, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.html", "label": "report.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/report.md", "label": "report.md", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/timeline.mmd", "label": "timeline.mmd", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/run.json", "label": "run.json", "kind": "text" } ] }, { "key": "compose", "label": "Compose \u7f16\u6392", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/compose/compose.yaml", "label": "compose.yaml", "kind": "text" } ] }, { "key": "baseline", "label": "\u57fa\u7ebf\u5feb\u7167", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline.json", "label": "baseline.json", "kind": "text" } ] }, { "key": "attack", "label": "\u653b\u51fb\u8f93\u51fa", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json", "label": "attack.json", "kind": "text" } ] }, { "key": "browser", "label": "\u6d4f\u89c8\u5668\u8bc1\u636e", "count": 10, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline.png", "label": "baseline.png", "kind": "image" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/baseline-dom.html", "label": "baseline-dom.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-console.json", "label": "baseline-console.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-network.json", "label": "baseline-network.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/baseline-page.json", "label": "baseline-page.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof.png", "label": "proof.png", "kind": "image" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/assets/proof-dom.html", "label": "proof-dom.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-console.json", "label": "proof-console.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-network.json", "label": "proof-network.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/proof-page.json", "label": "proof-page.json", "kind": "text" } ] }, { "key": "container", "label": "\u5bb9\u5668\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/docker/app.log", "label": "app.log", "kind": "text" } ] }, { "key": "requests", "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/gitea-gitea--CVE-2018-18926-20260318012526/logs/attack.json", "label": "attack.json", "kind": "text" } ] } ] }, { "run_id": "gitea-livecheck-20260316", "system_id": "gitea", "advisory_id": "gitea--CVE-2025-68939", "repro_profile_id": "file-upload-generic", "verification_status": "blocked-artifact", "verification_mode": "real", "artifact_mode": "official-image", "target_env": "local-docker", "compose_services": [ "app" ], "baseline_refs": [], "attack_steps": [], "browser_refs": [], "browser_evidence": { "required": true, "present": false, "refs": [], "baseline_refs": [], "proof_refs": [], "baseline_title": null, "proof_title": null }, "container_log_refs": [], "request_log_refs": [], "compose_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml" ], "timeline": [ { "at": "2026-03-17T07:02:55+00:00", "step": "select-advisory", "status": "completed", "detail": "gitea--CVE-2025-68939" }, { "at": "2026-03-17T07:02:55+00:00", "step": "resolve-repro-profile", "status": "completed", "detail": "file-upload-generic" }, { "at": "2026-03-17T07:02:56+00:00", "step": "provision-compose-environment", "status": "blocked-artifact", "detail": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?" }, { "at": "2026-03-17T07:02:56+00:00", "step": "baseline-snapshot", "status": "skipped", "detail": "no baseline urls or provisioning blocked" }, { "at": "2026-03-17T07:02:56+00:00", "step": "browser-replay-before-attack", "status": "skipped", "detail": "baseline browser capture unavailable" }, { "at": "2026-03-17T07:02:56+00:00", "step": "controlled-attack-chain", "status": "skipped", "detail": "provisioning blocked" }, { "at": "2026-03-17T07:02:56+00:00", "step": "browser-replay-after-attack", "status": "skipped", "detail": "proof browser capture unavailable" }, { "at": "2026-03-17T07:02:56+00:00", "step": "collect-logs-and-evidence", "status": "skipped", "detail": "container_logs=0" }, { "at": "2026-03-17T07:02:56+00:00", "step": "update-registry-and-reports", "status": "completed", "detail": "gitea-livecheck-20260316" } ], "started_at": "2026-03-17T07:02:55+00:00", "finished_at": "2026-03-17T07:02:56+00:00", "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?", "report_refs": { "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316", "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md", "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html", "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd" }, "dashboard_refs": { "report_html": "/runs/gitea-livecheck-20260316/report.html", "report_md": "/runs/gitea-livecheck-20260316/report.md", "timeline": "/runs/gitea-livecheck-20260316/timeline.mmd", "bundle": "/runs/gitea-livecheck-20260316/run.json" }, "browser_links": [], "container_links": [], "request_links": [], "advisory_meta": {}, "profile_meta": { "profile_id": "file-upload-generic", "vuln_family": "file-upload", "provisioning_mode": "real", "destructive_risk": "medium", "cleanup_policy": "destroy", "artifact_source": { "strategy": "official-image-or-source" }, "success_criteria": [ "Upload acceptance or bypass path is demonstrated with reversible test artifacts." ], "seed_actions": [ { "kind": "note", "message": "Use inert marker files and non-executable payloads by default." } ], "attack_actions": [ { "kind": "note", "message": "Validate extension, storage path, and preview behavior using inert files." } ], "browser_assertions": { "required": true }, "allowed_target_types": [ "lab-local", "lab-public", "authorized-third-party" ], "required_services": [ "app" ] }, "reasoning_lines": [ "Use inert marker files and non-executable payloads by default.", "Validate extension, storage path, and preview behavior using inert files.", "Upload acceptance or bypass path is demonstrated with reversible test artifacts." ], "progress": { "completed": 3, "skipped": 5, "failed": 0, "blocked": 1, "planned": 0, "other": 0 }, "artifact_groups": [ { "key": "reports", "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269", "count": 4, "items": [ { "href": "/runs/gitea-livecheck-20260316/report.html", "label": "report.html", "kind": "text" }, { "href": "/runs/gitea-livecheck-20260316/report.md", "label": "report.md", "kind": "text" }, { "href": "/runs/gitea-livecheck-20260316/timeline.mmd", "label": "timeline.mmd", "kind": "text" }, { "href": "/runs/gitea-livecheck-20260316/run.json", "label": "run.json", "kind": "text" } ] }, { "key": "compose", "label": "Compose \u7f16\u6392", "count": 1, "items": [ { "href": "/runs/gitea-livecheck-20260316/compose/compose.yaml", "label": "compose.yaml", "kind": "text" } ] } ] }, { "run_id": "gitea-gitea--CVE-2025-68939-20260317063330", "system_id": "gitea", "advisory_id": "gitea--CVE-2025-68939", "repro_profile_id": "file-upload-generic", "verification_status": "blocked-artifact", "verification_mode": "real", "artifact_mode": "official-image", "target_env": "local-docker", "compose_services": [ "app" ], "baseline_refs": [], "attack_steps": [], "browser_refs": [], "container_log_refs": [], "request_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json", "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json" ], "timeline": [], "started_at": "2026-03-17T06:33:30+00:00", "finished_at": "2026-03-17T06:33:30+00:00", "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?", "report_refs": { "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330", "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md", "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html", "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd" }, "dashboard_refs": { "report_html": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html", "report_md": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md", "timeline": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd", "bundle": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/run.json" }, "browser_evidence": { "required": true, "present": false, "refs": [] }, "browser_links": [], "container_links": [], "request_links": [ "/runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json", "/runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json" ], "advisory_meta": {}, "profile_meta": { "profile_id": "file-upload-generic", "vuln_family": "file-upload", "provisioning_mode": "real", "destructive_risk": "medium", "cleanup_policy": "destroy", "artifact_source": { "strategy": "official-image-or-source" }, "success_criteria": [ "Upload acceptance or bypass path is demonstrated with reversible test artifacts." ], "seed_actions": [ { "kind": "note", "message": "Use inert marker files and non-executable payloads by default." } ], "attack_actions": [ { "kind": "note", "message": "Validate extension, storage path, and preview behavior using inert files." } ], "browser_assertions": { "required": true }, "allowed_target_types": [ "lab-local", "lab-public", "authorized-third-party" ], "required_services": [ "app" ] }, "reasoning_lines": [ "Use inert marker files and non-executable payloads by default.", "Validate extension, storage path, and preview behavior using inert files.", "Upload acceptance or bypass path is demonstrated with reversible test artifacts." ], "progress": { "completed": 0, "skipped": 0, "failed": 0, "blocked": 0, "planned": 0, "other": 0 }, "artifact_groups": [ { "key": "reports", "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269", "count": 4, "items": [ { "href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html", "label": "report.html", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md", "label": "report.md", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd", "label": "timeline.mmd", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/run.json", "label": "run.json", "kind": "text" } ] }, { "key": "requests", "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7", "count": 2, "items": [ { "href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json", "label": "attack.json", "kind": "text" }, { "href": "/runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json", "label": "baseline.json", "kind": "text" } ] } ] }, { "run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047", "system_id": "nextjs", "advisory_id": "nextjs--CVE-2025-29927", "repro_profile_id": "authz-bypass-generic", "verification_status": "triage-manual", "verification_mode": "real", "artifact_mode": "official-source", "target_env": "local-docker", "compose_services": [ "app" ], "baseline_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json" ], "attack_steps": [ { "kind": "note", "tool": null, "args": [], "status": "planned" } ], "browser_refs": [], "container_log_refs": [], "request_log_refs": [ "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json", "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json" ], "timeline": [], "started_at": "2026-03-17T06:30:47+00:00", "finished_at": "2026-03-17T06:30:47+00:00", "blocked_reason": "dry-run only", "report_refs": { "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047", "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md", "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html", "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd" }, "dashboard_refs": { "report_html": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html", "report_md": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md", "timeline": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd", "bundle": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/run.json" }, "browser_evidence": { "required": false, "present": false, "refs": [] }, "browser_links": [], "container_links": [], "request_links": [ "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json", "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json" ], "advisory_meta": {}, "profile_meta": { "profile_id": "authz-bypass-generic", "vuln_family": "authz-bypass", "provisioning_mode": "real", "destructive_risk": "medium", "cleanup_policy": "destroy", "artifact_source": { "strategy": "official-image-or-source" }, "success_criteria": [ "Protected route or action is evaluated with controlled credentials and logged." ], "seed_actions": [ { "kind": "note", "message": "Create low-privilege and admin test users for server-side recheck validation." } ], "attack_actions": [ { "kind": "note", "message": "Use minimal authorization bypass probes defined by case-specific runner or manual session tooling." } ], "browser_assertions": { "required": false }, "allowed_target_types": [ "lab-local", "lab-public", "authorized-third-party" ], "required_services": [ "app" ] }, "reasoning_lines": [ "Create low-privilege and admin test users for server-side recheck validation.", "Use minimal authorization bypass probes defined by case-specific runner or manual session tooling.", "Protected route or action is evaluated with controlled credentials and logged." ], "progress": { "completed": 0, "skipped": 0, "failed": 0, "blocked": 0, "planned": 0, "other": 0 }, "artifact_groups": [ { "key": "reports", "label": "\u62a5\u544a\u4e0e\u8fd0\u884c\u4ea7\u7269", "count": 4, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html", "label": "report.html", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md", "label": "report.md", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd", "label": "timeline.mmd", "kind": "text" }, { "href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/run.json", "label": "run.json", "kind": "text" } ] }, { "key": "baseline", "label": "\u57fa\u7ebf\u5feb\u7167", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json", "label": "baseline.json", "kind": "text" } ] }, { "key": "requests", "label": "\u8bf7\u6c42\u4e0e\u63a2\u6d4b\u65e5\u5fd7", "count": 1, "items": [ { "href": "/runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json", "label": "attack.json", "kind": "text" } ] } ] } ]