Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. Jira Plugin 3.0.11 defines the appropriate folder context for credential lookup. As a side effect, existing per-folder Jira sites may lose access to already configured System-scoped credentials, as if no credential was specified in the first place.
{ "nvd_published_at": "2019-11-21T15:15:00Z", "cwe_ids": [ "CWE-668" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-12-06T21:56:30Z" }