Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-30196

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.

Published

2025-03-19T16:15:33.950

Last Modified

2025-10-08T20:37:09.463

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	anchorchain	1.0	Yes

References

https://www.jenkins.io/security/advisory/2025-03-19/#SECURITY-3529 Vendor Advisory ([email protected])