Missing Password Field Masking

CVE-2025-30197

Low

3.1/10

Summary

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-549 - Missing Password Field Masking

The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

References

Advisory Timeline

Published Mar 19, 2025

Missing Password Field Masking

CVE-2025-30197

Summary

CWE-549 - Missing Password Field Masking

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS