High severityNVD Advisory· Published Mar 19, 2025· Updated Mar 19, 2025
CVE-2025-30196
CVE-2025-30196
Description
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- ghsa-coords
- Range: 1.0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-xxrg-mg63-qfpjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-30196ghsaADVISORY
- www.jenkins.io/security/advisory/2025-03-19/ghsavendor-advisoryWEB
News mentions
1- Jenkins Security Advisory 2025-03-19Jenkins Security Advisories · Mar 19, 2025