CVE-2019-16544

HIGH

Jenkins QMetry for JIRA - Test Mgmt Plugin <1.12 - Info Disclosure

Title source: llm

Description

Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

References (2)

Scores

CVSS v3 8.8
EPSS 0.0026
EPSS Percentile 49.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-522
Status published

Affected Products (2)

qmetry/jenkins_qmetry_for_jira < 1.12
org.jenkins-ci.plugins/qmetry-for-jira-test-management < 1.13Maven

Timeline

Published Nov 21, 2019
Tracked Since Feb 18, 2026