CVE-2025-30196
19.03.2025, 16:15
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.
Awaiting analysis
This vulnerability is currently awaiting analysis.