#VU105771 Missing password field masking in Zoom Jenkins Marketplace plugin - CVE-2025-0148
Published: March 17, 2025
Vulnerability identifier: #VU105771
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-0148
CWE-ID: CWE-549
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Zoom Jenkins Marketplace plugin
Zoom Jenkins Marketplace plugin
Software vendor:
Zoom Video Communications, Inc.
Zoom Video Communications, Inc.
Description
The vulnerability allows an attacker to view the password.
The vulnerability exists due to the application does not mask password on the web page. An attacker can observe the password entered into the password field.
Remediation
Install updates from vendor's website.