CVE-2025-0148: Jenkins Zoom Plugin is Missing Password Field Masking

February 4, 2025 (updated March 13, 2025)

Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.

References

github.com/advisories/GHSA-4352-jxwg-88rm
github.com/jenkinsci/zoom-plugin
nvd.nist.gov/vuln/detail/CVE-2025-0148
www.zoom.com/en/trust/security-bulletin/zsb-25007

Detect and mitigate CVE-2025-0148 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →