Missing Permission Checks in Jenkins Contrast Continuous Application Security Plugin
CVE-2026-57299
4.3MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 24 June 2026
What is CVE-2026-57299?
The Jenkins Contrast Continuous Application Security Plugin versions 3.11 and earlier are susceptible to a vulnerability that allows users with Overall/Read permission to exploit missing permission checks. This flaw enables unauthorized individuals to enumerate the names of configured Contrast metadata, potentially exposing sensitive information and compromising the security of the Jenkins environment.
Affected Version(s)
Jenkins Contrast Continuous Application Security Plugin 0 <= 3.11