hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动
文件
df1d3596ce4e86a34f887859debbefa346aa7821
websafe-kb/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md

56 行
2.4 KiB
Markdown
原始文件 Blame 文件历史

# Run gitea-livecheck-20260316
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
- Advisory: `gitea--CVE-2025-68939`
- 系统: `gitea`
- Repro Profile: `file-upload-generic`
- 实证状态: `blocked-artifact`
- 实证方式: `real`
- Artifact 模式: `official-image`
- 启动时间: `2026-03-17T07:02:55+00:00`
- 完成时间: `2026-03-17T07:02:56+00:00`
- 阻塞原因: `unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?`
- Compose 服务: `app`
## 运行时间线
- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd)
| 时间 | 步骤 | 状态 | 说明 |
|------|------|------|------|
| `2026-03-17T07:02:55+00:00` | `select-advisory` | `completed` | gitea--CVE-2025-68939 |
| `2026-03-17T07:02:55+00:00` | `resolve-repro-profile` | `completed` | file-upload-generic |
| `2026-03-17T07:02:56+00:00` | `provision-compose-environment` | `blocked-artifact` | unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running? |
| `2026-03-17T07:02:56+00:00` | `baseline-snapshot` | `skipped` | no baseline urls or provisioning blocked |
| `2026-03-17T07:02:56+00:00` | `browser-replay-before-attack` | `skipped` | baseline browser capture unavailable |
| `2026-03-17T07:02:56+00:00` | `controlled-attack-chain` | `skipped` | provisioning blocked |
| `2026-03-17T07:02:56+00:00` | `browser-replay-after-attack` | `skipped` | proof browser capture unavailable |
| `2026-03-17T07:02:56+00:00` | `collect-logs-and-evidence` | `skipped` | container_logs=0 |
| `2026-03-17T07:02:56+00:00` | `update-registry-and-reports` | `completed` | gitea-livecheck-20260316 |
## Compose 拓扑
- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml`
- 服务列表: `app`
## 攻击步骤
| 工具/步骤 | 状态 | 结果 |
|-----------|------|------|
| `-` | `skipped` | `no attack steps` |
## 证据摘要
- Baseline: `0`
- 攻击步骤: `0`
- 浏览器证据: `0`
- 容器日志: `0`
- 请求日志: `0`
## 最小化验证说明
- 仅限自有资产、本地靶场或已授权实验目标。
- 默认执行 minimal-proof;不会把破坏性或不可回滚动作作为默认路径。
- 若浏览器证据缺失,前端类案例不会被标为 `verified-*`
在新工单中引用 查看 Git Blame 复制永久链接