CVE-2025-30197

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.

Published Jan 14, 2026

https://www.jenkins.io/security/advisory/2025-03-19/#SECURITY-3511 https://github.com/advisories/GHSA-2x3g-rr4w-4qrp

CVSS ScoreLow

2.3

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-30197

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.

Published Jan 14, 2026

https://www.jenkins.io/security/advisory/2025-03-19/#SECURITY-3511 https://github.com/advisories/GHSA-2x3g-rr4w-4qrp

CVSS ScoreLow

2.3


maven	io.jenkins.plugins/zohoqengine	1.0.22.vd05b_10b_8f5dd
maven	io.jenkins.plugins/zohoqengine	1.0.24.v8a_00da_0756ee
maven	io.jenkins.plugins/zohoqengine	1.0.29.vfa_cc23396502

Ecosystem	Package	Version


maven	io.jenkins.plugins/zohoqengine	1.0.22.vd05b_10b_8f5dd
maven	io.jenkins.plugins/zohoqengine	1.0.24.v8a_00da_0756ee
maven	io.jenkins.plugins/zohoqengine	1.0.29.vfa_cc23396502

Find vulnerabilities. Fix fast with AI.

CVE-2025-30197

CVE-2025-30197