Information Disclosure Vulnerability in Zoom Jenkins Marketplace Plugin
CVE-2025-0148

2.6LOW

Key Information:

Vendor: Zoom Communications, Inc
Status: Zoom Jenkins Marketplace Plugin
Vendor: CVE Published:; 3 February 2025

Summary

The Zoom Jenkins Marketplace Plugin prior to version 1.6 contains a vulnerability due to missing password field masking, which could allow unauthenticated users to exploit adjacent network access for unauthorized information disclosure. This security oversight poses a significant risk to data confidentiality and necessitates prompt attention to mitigate potential exposure.

Affected Version(s)

Zoom Jenkins Marketplace plugin 0 < 1.6

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25007/

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Dec 23, 2024