Information Disclosure Vulnerability in Zoom Jenkins Marketplace Plugin
CVE-2025-0148

2.6LOW

Key Information:

Vendor: Zoom Communications, Inc
Status: Zoom Jenkins Marketplace Plugin
Vendor: CVE Published:; 3 February 2025

🔔 Create Zoom Communications, Inc Vulnerability Alert

What is CVE-2025-0148?

The Zoom Jenkins Marketplace Plugin prior to version 1.6 contains a vulnerability due to missing password field masking, which could allow unauthenticated users to exploit adjacent network access for unauthorized information disclosure. This security oversight poses a significant risk to data confidentiality and necessitates prompt attention to mitigate potential exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Zoom Jenkins Marketplace plugin 0 < 1.6

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25007/

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Dec 23, 2024

JSON

Zoom Communications, Inc