Main Vulnerability Database SB2025031729

SB2025031729 - Missing password field masking in Zoom Jenkins Marketplace plugin

Published: March 17, 2025

Security Bulletin ID SB2025031729

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Missing password field masking (CVE-ID: CVE-2025-0148)

The vulnerability allows an attacker to view the password.

The vulnerability exists due to the application does not mask password on the web page. An attacker can observe the password entered into the password field.

Remediation

Install update from vendor's website.

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25007/