Base Score

LOW3.1

CVE-2025-30197

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.

VectorNETWORK

Published Byjenkinsci-cert@googlegroups.com

Published DateMar 19, 2025, 16:15

Affected Versions(1)

io.jenkins.plugins:zohoqengine(Maven)

Introduced0

Fixed1.0.31.v4a_b_1db_6d6a_f2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
io.jenkins.plugins:zohoqengine(Maven)	0	1.0.31.v4a_b_1db_6d6a_f2	N/A

Weakness Type (CWE):CWE-549

CVSS Metrics

Base Score

3.1

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

References

https://www.jenkins.io/security/advisory/2025-03-19/#SECURITY-3511

Base Score

LOW3.1

Weakness Type (CWE):CWE-549

CVSS Metrics

Base Score

3.1

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE