CVE-2025-0148 — Missing Password Field Masking in Communications INC Zoom Jenkins Marketplace Plugin

CWE-549 — Missing Password Field Masking4 documents4 sources

Severity

2.6LOWNVD

EPSS

0.1%

top 69.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zoom Communications INC Zoom Jenkins Marketplace Plugin Jenkins Azure Service Fabric Plugin Jenkins Bitbucket Server Integration Plugin +7 more

Timeline

PublishedFeb 3

Latest updateFeb 4

Description

Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages10 packages

▶CVEListV5zoom_communications_inc/zoom_jenkins_marketplace_plugin< 1.6

▶jenkinsjenkins/tokens_displayed_without_masking_by_zoom_plugin

▶jenkinsjenkins/zoom_plugin

▶jenkinsjenkins/gitlab_plugin

▶jenkinsjenkins/eiffel_broadcaster_plugin

🔴Vulnerability Details

GHSA

Jenkins Zoom Plugin is Missing Password Field Masking↗2025-02-04

▶

OSV

Jenkins Zoom Plugin is Missing Password Field Masking↗2025-02-04

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2025-01-22↗2025-01-22

▶