SB2025031729 - Missing password field masking in Zoom Jenkins Marketplace plugin
Published: March 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Missing password field masking (CVE-ID: CVE-2025-0148)
CWE-ID: CWE-549 - Missing Password Field Masking
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an attacker to view the password.
The vulnerability exists due to the application does not mask password on the web page. An attacker can observe the password entered into the password field.
Remediation
Install update from vendor's website.