CVE-2026-57299
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.
Risk Assessment
The risk involves information disclosure of Contrast metadata configuration, which could aid attackers in further reconnaissance and potential attacks.
Recommendation
It is recommended to immediately update the Contrast Continuous Application Security Plugin to a version newer than 3.11 that includes fixes for the missing access controls.
Original NVD description (English source)
Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.

