icon

We found results for “

CVE-2025-30197

Good to know:

icon

Date: March 19, 2025

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.

Severity Score

Severity Score

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Missing Password Field Masking

CWE-549

Top Fix

icon

Upgrade Version

Upgrade to version io.jenkins.plugins:zohoqengine:1.0.31.v4a_b_1db_6d6a_f2;io.jenkins.plugins:zohoqengine:1.0.31.v4a_b_1db_6d6a_f2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us