CVE-2025-0142 – io.jenkins.plugins:zoom

Package

Manager: maven
Name: io.jenkins.plugins:zoom
Vulnerable Version: >=0 <1.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0003 pctl0.07017

Details

Jenkins Zoom Plugin Stores Sensitive Information in Cleartext Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access.

Metadata

Created: 2025-01-30T21:31:23Z
Modified: 2025-03-13T19:19:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-jx45-xp6q-cwjc/GHSA-jx45-xp6q-cwjc.json
CWE IDs: ["CWE-312"]
Alternative ID: GHSA-jx45-xp6q-cwjc
Finding: F020
Auto approve: 1