CVE-2025-0148: 
Java vulnerability analysis and mitigation

The vulnerability (CVE-2025-0148) affects the Zoom Jenkins Marketplace plugin versions before 1.6. The issue involves missing password field masking that could potentially expose sensitive information. The vulnerability was discovered and disclosed on February 3, 2025, affecting organizations using the Zoom Jenkins Marketplace plugin for their Jenkins installations (Jenkins Advisory, NVD).

The vulnerability is characterized by improper masking of Zoom integration tokens in the job configuration form. The issue has been assigned a CVSS v3.1 base score of 2.6 (Low severity) with the vector string CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires adjacent network access, high attack complexity, no privileges, and user interaction, while only affecting confidentiality to a low degree (Zoom Bulletin).

The vulnerability could allow an unauthenticated user to view sensitive information through the job configuration form where Zoom integration tokens are displayed without proper masking. This exposure increases the potential for attackers to observe and capture these tokens (Jenkins Advisory).

The vulnerability has been fixed in Zoom Jenkins Marketplace plugin version 1.6. Users are advised to update to this version or later to resolve the security issue. The updated version properly masks Zoom integration tokens displayed on the job configuration form (Jenkins Advisory, Zoom Bulletin).