High severityNVD Advisory· Published Mar 19, 2025· Updated Mar 19, 2025

CVE-2025-30196

Description

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.

Affected products

Jenkins Project/Jenkins Anchorchain Pluginv5
Range: 1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-xxrg-mg63-qfpjghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-30196ghsaADVISORY
www.jenkins.io/security/advisory/2025-03-19/ghsavendor-advisoryWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000