CVE-2025-0142 — Cleartext Storage of Sensitive Info in Communications INC Zoom Jenkins Marketplace Plugin

CWE-312 — Cleartext Storage of Sensitive Info4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 76.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zoom Communications INC Zoom Jenkins Marketplace Plugin Jenkins Azure Service Fabric Plugin Jenkins Bitbucket Server Integration Plugin +7 more

Timeline

PublishedJan 30

Description

Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages10 packages

▶CVEListV5zoom_communications_inc/zoom_jenkins_marketplace_plugin< 1.4

▶jenkinsjenkins/zoom_plugin

▶jenkinsjenkins/tokens_displayed_without_masking_by_zoom_plugin

▶jenkinsjenkins/gitlab_plugin

▶jenkinsjenkins/eiffel_broadcaster_plugin

🔴Vulnerability Details

GHSA

Jenkins Zoom Plugin Stores Sensitive Information in Cleartext↗2025-01-30

▶

OSV

Jenkins Zoom Plugin Stores Sensitive Information in Cleartext↗2025-01-30

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2025-01-22↗2025-01-22

▶