Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
www.openwall.com/lists/oss-security/2019/07/31/1
github.com/jenkinsci/skytap-cloud-plugin
github.com/jenkinsci/skytap-cloud-plugin/commit/167986a84d1d15b525eaf0232b1c1a7c47aef670
jenkins.io/security/advisory/2019-07-31/#SECURITY-1429
nvd.nist.gov/vuln/detail/CVE-2019-10366
www.zerodayinitiative.com/advisories/ZDI-19-833