websafe 运行报告

漏洞条目
gitea--CVE-2018-15192

实证状态
blocked-artifact

复现 Profile
gitea-ssrf

Artifact 模式
local-fixture

Mermaid 时间线

flowchart LR A["选择 Advisory"] --> B["解析 Repro Profile"] B --> C["生成 Compose 环境"] C --> D["采集基线快照"] D --> E["执行受控攻击步骤"] E --> F["浏览器回放验证"] F --> G["收集日志与证据"] G --> H["回写 Registry 与报告"] H --> I["阻塞: chromium launch failed: BrowserType.launch: Timeout 180000ms"]

运行时间线

时间	步骤	状态	说明
`2026-03-18T02:30:02+00:00`	`select-advisory`	`completed`	gitea--CVE-2018-15192
`2026-03-18T02:30:02+00:00`	`resolve-repro-profile`	`completed`	gitea-ssrf
`2026-03-18T02:42:30+00:00`	`doctor`	`failed`	chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded. Call log: - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window - <launched> pid=25167
`2026-03-18T02:42:30+00:00`	`provision-compose-environment`	`blocked-artifact`	chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded. Call log: - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window - <launched> pid=25167
`2026-03-18T02:42:30+00:00`	`wait-ready`	`skipped`	provisioning blocked
`2026-03-18T02:42:30+00:00`	`seed-environment`	`skipped`	runtime steps unavailable
`2026-03-18T02:42:30+00:00`	`baseline-snapshot`	`skipped`	no baseline urls or provisioning blocked
`2026-03-18T02:42:30+00:00`	`controlled-attack-chain`	`skipped`	provisioning blocked
`2026-03-18T02:42:30+00:00`	`collect-logs-and-evidence`	`skipped`	container_logs=0
`2026-03-18T02:42:30+00:00`	`cleanup-compose-environment`	`skipped`	cleanup_policy not destroy
`2026-03-18T02:42:30+00:00`	`update-registry-and-reports`	`completed`	gitea-gitea--CVE-2018-15192-20260318023002

时间

步骤

状态

说明

2026-03-18T02:30:02+00:00

select-advisory

completed

gitea--CVE-2018-15192

2026-03-18T02:30:02+00:00

resolve-repro-profile

completed

gitea-ssrf

2026-03-18T02:42:30+00:00

doctor

failed

chromium launch failed: BrowserType.launch: Timeout 180000ms exceeded. Call log: - <launching> /Users/x/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --enable-automation --disable-infobars --disable-search-engine-choice-screen --disable-sync --enable-unsafe-swiftshader --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --user-data-dir=/var/folders/n7/4hh5kwt50913gn3xqyzf426c0000gn/T/playwright_chromiumdev_profile-azzIJQ --remote-debugging-pipe --no-startup-window - <launched> pid=25167

2026-03-18T02:42:30+00:00

provision-compose-environment

blocked-artifact

2026-03-18T02:42:30+00:00

wait-ready

skipped

provisioning blocked

2026-03-18T02:42:30+00:00

seed-environment

skipped

runtime steps unavailable

2026-03-18T02:42:30+00:00

baseline-snapshot

skipped

no baseline urls or provisioning blocked

2026-03-18T02:42:30+00:00

controlled-attack-chain

skipped

provisioning blocked

2026-03-18T02:42:30+00:00

collect-logs-and-evidence

skipped

container_logs=0

2026-03-18T02:42:30+00:00

cleanup-compose-environment

skipped

cleanup_policy not destroy

2026-03-18T02:42:30+00:00

update-registry-and-reports

completed

gitea-gitea--CVE-2018-15192-20260318023002

工具	状态	输出
`-`	`skipped`	`当前没有攻击步骤`

工具

状态

输出

-

skipped

当前没有攻击步骤

运行 gitea-gitea--CVE-2018-15192-20260318023002

Mermaid 时间线

运行时间线

攻击步骤

证据清单