CVE Catalog

CVE-2026-57299

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.

Risk Assessment

The risk involves information disclosure of Contrast metadata configuration, which could aid attackers in further reconnaissance and potential attacks.

Recommendation

It is recommended to immediately update the Contrast Continuous Application Security Plugin to a version newer than 3.11 that includes fixes for the missing access controls.

Original NVD description (English source)

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS