CVE-2025-0148 – io.jenkins.plugins:zoom

Package

Manager: maven
Name: io.jenkins.plugins:zoom
Vulnerable Version: >=0 <1.6

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00019 pctl0.03393

Details

Jenkins Zoom Plugin is Missing Password Field Masking Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.

Metadata

Created: 2025-02-04T00:32:03Z
Modified: 2025-03-13T19:19:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-4352-jxwg-88rm/GHSA-4352-jxwg-88rm.json
CWE IDs: ["CWE-549"]
Alternative ID: GHSA-4352-jxwg-88rm
Finding: F014
Auto approve: 1