Security Advisory

CVE-2025-30196

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-19 15:38:12

Last updated 2025-03-19 18:13:51

Assigner jenkins

State PUBLISHED

Description

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.

← Browse all CVEs View on cve.org ↗