Missing permission checks in Jenkins Contrast Plugin 3.11 allow metadata enumeration
CVE-2026-57299 Published on June 24, 2026
Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.
Products Associated with CVE-2026-57299
Affected Versions
Jenkins Project Jenkins Contrast Continuous Application Security Plugin: versions up to and including 3.11 are affected.