Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.
https://www.zerodayinitiative.com/advisories/ZDI-19-835/
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1435