GHSA-4352-jxwg-88rm

Source

https://github.com/advisories/GHSA-4352-jxwg-88rm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-4352-jxwg-88rm/GHSA-4352-jxwg-88rm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4352-jxwg-88rm

Aliases

CVE-2025-0148

Published

2025-02-04T00:32:03Z

Modified

2025-03-13T19:28:47.403113Z

Severity

2.6 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Jenkins Zoom Plugin is Missing Password Field Masking

Details

Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.

Database specific

{
    "github_reviewed": true,
    "severity": "LOW",
    "nvd_published_at": "2025-02-03T23:15:08Z",
    "cwe_ids": [
        "CWE-549"
    ],
    "github_reviewed_at": "2025-03-13T19:19:18Z"
}

References

Affected packages

Maven / io.jenkins.plugins:zoom

Package

Name: io.jenkins.plugins:zoom; View open source insights on deps.dev
Purl: pkg:maven/io.jenkins.plugins/zoom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6

Affected versions

1.*

1.0

1.1

1.2

1.3

1.4

1.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-4352-jxwg-88rm/GHSA-4352-jxwg-88rm.json"