3 matches found
CVE-2025-30196
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...
PT-2022-18853 · Jenkins · Jenkins Coverage/Complexity Scatter Plot Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Coverage/Complexity Scatter Plot Plugin versions 1.1.1 and earlier. Description: The issue allows attackers to control input files for the 'Public Coverage / Complexity Scatter Plot' post-build step, enabling them to have Jenkins parse...
PT-2020-15322 · Jenkins · Jenkins Junit Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NUnit Plugin versions 0.25 and earlier. Description: The issue allows a user who can control the input files for the post-build step to have Jenkins parse a crafted file that uses external entities. This can lead to extraction of secre...