Jenkins QMetry for JIRA - Test Management Plugin stores a credential as part of its post-build step configuration.
While the password is stored encrypted on disk since QMetry for JIRA - Test Management Plugin 1.13, it is transmitted in plain text as part of the configuration form. This can result in exposure of the password through browser extensions, cross-site scripting vulnerabilities, and similar situations.