CVE-2018-1000425
The CVE concerns the Jenkins SonarQube Scanner Plugin (up to version 2.8) where credentials used to connect to SonarQube are stored in plaintext in SonarInstallation.java. This insufficient protection allows an attacker with local filesystem access to extract the server authentication credentials...