Main Vulnerability Database Vulnerabilities #VU105771

Missing password field masking in Zoom Jenkins Marketplace plugin - CVE-2025-0148

Published: March 17, 2025

Vulnerability identifier: #VU105771

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-0148

CWE-ID: CWE-549

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Zoom Video Communications, Inc.

Affected software:
Zoom Jenkins Marketplace plugin

Detailed vulnerability description

The vulnerability allows an attacker to view the password.

The vulnerability exists due to the application does not mask password on the web page. An attacker can observe the password entered into the password field.

How to mitigate CVE-2025-0148

Install updates from vendor's website.

Sources

https://www.zoom.com/en/trust/security-bulletin/zsb-25007/

Missing password field masking in Zoom Jenkins Marketplace plugin - CVE-2025-0148

Detailed vulnerability description

How to mitigate CVE-2025-0148

Sources

Please verify you're human