CVE-2025-30197

Summary

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Zoho QEngine Plugin0 <= 1.0.29.vfa_cc23396502affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References