PT-2019-4454 · Jenkins · Jenkins Jira Plugin

Daniel Beck · Published 2019-11-21 · Updated 2023-10-25 · CVE-2019-16541

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Jenkins JIRA Plugin versions 3.0.10 and earlier

Description: Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions. Credentials for a Jira site configured inside a folder are looked up in the global Jenkins context instead of the folder's own context, so users who are allowed to configure such a folder-level site can select and use System-scoped credentials, which are meant to be usable only by the Jenkins root configuration and never by jobs or folders. Those users can thereby reach protected information (for example, the Jira account the credentials authenticate). The underlying weakness is that the resource is exposed outside the sphere it was restricted to (CWE-668).

Recommendations: For Jenkins JIRA Plugin versions 3.0.10 and earlier, update to version 3.0.11 or later, which passes the appropriate folder context to the credential lookup. Note that existing per-folder Jira sites that reference a System-scoped credential will stop resolving it after the update; administrators must either move those sites to the global configuration or create folder- or global-scoped credentials for them.
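The following Java fragment is an added illustration, not code from the JIRA plugin or from this advisory, of the single detail the issue turns on: the context object handed to the Jenkins Credentials Plugin decides whether System-scoped credentials are reachable. The Credentials Plugin calls used (StandardListBoxModel.includeMatchingAs, CredentialsProvider.lookupCredentials, CredentialsMatchers) are real API; the surrounding class and method names, and the pairing of a "dropdown" method with a "resolve" method, are illustrative assumptions.

```java
// Added illustration (not the jira-plugin's own code): how the lookup context
// decides which credential scopes a per-folder site configuration can reach.
// Assumes the Jenkins Credentials Plugin API; the class and method names here
// are illustrative, not the plugin's.

import java.util.List;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.ListBoxModel;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;

public class JiraSiteCredentialsExample {

    /** Domain requirements derived from the Jira URL, so only credentials whose domain matches are offered. */
    private static List<DomainRequirement> requirementsFor(String jiraUrl) {
        return URIRequirementBuilder.fromUri(jiraUrl).build();
    }

    /**
     * VULNERABLE pattern: the credential dropdown is populated against the
     * Jenkins root no matter where the configuration form lives. A lookup whose
     * context is the root, run as SYSTEM, returns System-scoped credentials too,
     * so anyone who can configure a folder-level Jira site gets to pick them.
     */
    public static ListBoxModel doFillCredentialsIdItemsUnsafe(@QueryParameter String url) {
        return new StandardListBoxModel()
                .includeEmptyValue()
                .includeMatchingAs(ACL.SYSTEM, Jenkins.get(),
                        StandardUsernamePasswordCredentials.class,
                        requirementsFor(url),
                        CredentialsMatchers.always());
    }

    /**
     * HARDENED pattern: take the enclosing item (the folder or job whose form is
     * being rendered) from the request path and resolve in that context. With an
     * Item context the Credentials Plugin walks up through the item's folders
     * and excludes System-scoped credentials; only a lookup whose context is the
     * Jenkins root itself can see them.
     */
    public static ListBoxModel doFillCredentialsIdItemsSafe(@AncestorInPath Item item,
                                                           @QueryParameter String url) {
        StandardListBoxModel result = new StandardListBoxModel().includeEmptyValue();
        if (item == null) {
            // Global configuration page: reached only from the Jenkins root.
            return result.includeMatchingAs(ACL.SYSTEM, Jenkins.get(),
                    StandardUsernamePasswordCredentials.class,
                    requirementsFor(url), CredentialsMatchers.always());
        }
        // Folder- or job-level configuration: scope the lookup to the item.
        return result.includeMatchingAs(ACL.SYSTEM, item,
                StandardUsernamePasswordCredentials.class,
                requirementsFor(url), CredentialsMatchers.always());
    }

    /**
     * Runtime resolution must use the same context as the dropdown. Fixing only
     * the dropdown hides the choice in the UI but still honours a credentialsId
     * submitted directly, or one left over in an already saved configuration.
     */
    public static StandardUsernamePasswordCredentials resolve(Item context,
                                                              String credentialsId,
                                                              String jiraUrl) {
        List<StandardUsernamePasswordCredentials> candidates = (context == null)
                ? CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class,
                        Jenkins.get(), ACL.SYSTEM, requirementsFor(jiraUrl))
                : CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class,
                        context, ACL.SYSTEM, requirementsFor(jiraUrl));
        return CredentialsMatchers.firstOrNull(candidates, CredentialsMatchers.withId(credentialsId));
    }
}
```

A quick check for an installation: log in as a user who has configure permission on a folder but is not an administrator, open that folder's Jira site configuration, and inspect the credential dropdown. On an affected version the global System-scoped credentials are listed; after the update they are not, and a folder site that was saved with such a credential will no longer resolve it, which is the behaviour change the recommendation above warns about.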

Fix

Jenkins JIRA Plugin 3.0.11

Weakness Enumeration

CWE-668: Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2020-00241
CVE-2019-16541
GHSA-98M4-M2C3-QXGQ
RHSA-2020:3541
RHSA-2020:4297

Affected Products

Jenkins
Jenkins Jira Plugin