CVE-2026-57298
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
The Jenkins Contrast Continuous Application Security Plugin version 3.11 and earlier contains a cross-site request forgery (CSRF) vulnerability that allows attackers to force Jenkins to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.
Risk Assessment
This vulnerability could lead to unauthorized access to resources and potential data leakage, posing a serious threat to the organization's security.
Recommendation
It is recommended to update the plugin to the latest version to mitigate this vulnerability and implement additional protections against CSRF attacks.
Original NVD description (English source)
A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key.

