CVE-2025-0142: Jenkins Zoom Plugin Stores Sensitive Information in Cleartext

January 30, 2025 (updated March 13, 2025)

Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access.

References

github.com/advisories/GHSA-jx45-xp6q-cwjc
github.com/jenkinsci/zoom-plugin
nvd.nist.gov/vuln/detail/CVE-2025-0142
www.zoom.com/en/trust/security-bulletin/zsb-25001

Code Behaviors & Features

Detect and mitigate CVE-2025-0142 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →