jenkins-jira-plugin: plugin information disclosure

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct folder scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope...

PT-2019-4454 · Jenkins · Jenkins Jira Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins JIRA Plugin versions 3.0.10 and earlier Description: The issue is related to the incorrect declaration of the scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. This can lead to...