Missing permission checks in Jenkins Contrast Plugin 3.11 allow metadata enumeration
CVE-2026-57299 Published on June 24, 2026

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.



Products Associated with CVE-2026-57299


Affected Versions

Jenkins Project Jenkins Contrast Continuous Application Security Plugin: