Versions of the BlazeMeter Jenkins plugin before 4.22 contain a flaw which results in credential enumeration