{"id":"CVE-2025-30197","details":"Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.","aliases":["GHSA-2x3g-rr4w-4qrp"],"modified":"2026-04-10T05:25:27.922446Z","published":"2025-03-19T16:15:34.060Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2025-03-19/#SECURITY-3511"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/zohoqengine-plugin","events":[{"introduced":"0"},{"last_affected":"facc233965029a025b136efe0aa43b68cf522298"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.29.vfa_cc23396502"}]}}],"versions":["1.0.24.v8a_00da_0756ee","1.0.29.vfa_cc23396502"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30197.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}