Jenkins M2Release vulnerabilities

CVE-2019-10359 [MEDIUM] CWE-352 CVE-2019-10359: A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.

CVE-2019-10361 [MEDIUM] CWE-522 CVE-2019-10361: Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.