GHSA-xxrg-mg63-qfpj

Опубликовано: 19 мар. 2025

Источник: github

Github: Прошло ревью

CVSS3: 8

Описание

Jenkins AnchorChain Plugin Has a Cross-Site Scripting (XSS) Vulnerability

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.

As of publication of this advisory, there is no fix.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:anchorchain

maven

Затронутые версииВерсия исправления

= 1.0

Отсутствует

EPSS

Процентиль: 14%

0.00046

Низкий

8 High

CVSS3

CVE ID

CVE-2025-30196

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-30196

CVSS3: 6.5

nvd

3 месяца назад

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.

EPSS

Процентиль: 14%

0.00046

Низкий

8 High

CVSS3

CVE ID

CVE-2025-30196

Дефекты

CWE-79