PT-2019-14700 · Jenkins · Jenkins Qmetry For Jira - Test Management Plugin

Published

2019-11-21

·

Updated

2023-10-25

·

CVE-2019-16545

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins QMetry for JIRA - Test Management Plugin versions prior to 1.13
Description

The plugin transmits credentials in plain text as part of its job configuration forms, which can expose them. Although the password has been stored encrypted on disk since version 1.13, the configuration form still carries it in plain text, so anything that can read the page in the administrator's browser can read the password: browser extensions, a cross-site scripting vulnerability elsewhere in Jenkins, and similar situations. Note that TLS on the Jenkins URL does not help here, because the exposure happens inside the browser, after decryption.
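To make the distinction between "encrypted on disk" and "plain text in the form" concrete, here is an added illustration of the three shapes a credential field in a Jenkins job step can take. It is not the QMetry plugin's own code; the class name QmetryStepConfig, the field names and the Jelly fragments quoted in the comments are assumed for the example. Only the Jenkins core types (hudson.util.Secret, Stapler's @DataBoundConstructor, the f:textbox and f:password form tags) are real.

```java
// Added example, not the plugin's own code. Shows what reaches config.xml
// and what reaches the browser for three ways of holding an API key in a
// Jenkins job-step configuration object. Names are hypothetical.
import hudson.util.Secret;
import org.kohsuke.stapler.DataBoundConstructor;

public final class QmetryStepConfig {

    // Case 1: String field bound to <f:textbox field="apiKeyPlain"/>.
    // The key is written verbatim to config.xml and echoed verbatim into
    // the HTML value attribute when the configuration page is opened.
    private final String apiKeyPlain;

    // Case 2: Secret field, but the getter below decrypts it and the form
    // still uses <f:textbox field="apiKeyHalf"/>. config.xml now holds an
    // opaque {AQAAABAAAA...} value, yet the browser still receives the
    // plain key: encrypted on disk, cleartext in the form, which is the
    // state the description above assigns to version 1.13.
    private final Secret apiKeyHalf;

    // Case 3: Secret field, getter returns the Secret itself, and the form
    // uses <f:password field="apiKeyFixed"/>. Stapler renders the encrypted
    // value, so a browser extension or XSS payload reading the DOM only
    // sees ciphertext that can be decrypted solely on this master.
    private final Secret apiKeyFixed;

    @DataBoundConstructor
    public QmetryStepConfig(String apiKeyPlain, String apiKeyHalf, Secret apiKeyFixed) {
        this.apiKeyPlain = apiKeyPlain;
        // fromString() accepts either the plain key (first save) or an
        // already-encrypted value (re-save of the form) and returns a Secret.
        this.apiKeyHalf = Secret.fromString(apiKeyHalf);
        this.apiKeyFixed = apiKeyFixed;
    }

    // Case 1: the plain value goes straight into the textbox.
    public String getApiKeyPlain() {
        return apiKeyPlain;
    }

    // Case 2: decrypting in the getter defeats the on-disk encryption for
    // the round trip to the browser.
    public String getApiKeyHalf() {
        return apiKeyHalf.getPlainText();
    }

    // Case 3: returning the Secret lets the password tag emit
    // getEncryptedValue() rather than the key.
    public Secret getApiKeyFixed() {
        return apiKeyFixed;
    }

    // The plain text is needed only server side, at the moment the step
    // talks to the remote API; it never has to leave the master.
    String apiKeyForRequest() {
        return apiKeyFixed.getPlainText();
    }
}
```

When auditing a plugin for this class of issue, the two things to check are therefore the type returned by the getter that backs the form field (String versus Secret) and the Jelly tag bound to it (f:textbox versus f:password); fixing only the storage type, as in case 2, leaves the form exposure in place.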
Recommendations

Update to version 1.13 or later so that the password is at least stored encrypted on disk. Because the configuration form still sends the password in plain text, limit who can open it (in Jenkins, the Job/Configure permission on the affected jobs) and avoid browser extensions on the machines used to administer Jenkins. Where possible, do not configure the plugin's post-build step until the issue is resolved.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information (CWE-319)

Related Identifiers

CVE-2019-16545
GHSA-793W-Q2H5-8H5J

Affected Products

Jenkins Qmetry For Jira - Test Management Plugin