Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.
Metrics
Affected Vendors & Products
References
History
Mon, 06 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-862 | |
| Metrics |
cvssV3_1
|
Wed, 24 Jun 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jenkins
Jenkins contrast Continuous Application Security Jenkins Project Jenkins Project jenkins Contrast Continuous Application Security Plugin |
|
| Vendors & Products |
Jenkins
Jenkins contrast Continuous Application Security Jenkins Project Jenkins Project jenkins Contrast Continuous Application Security Plugin |
Wed, 24 Jun 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Missing Permission Checks Allow Metadata Enumeration in Jenkins Contrast Plugin | |
| Weaknesses | CWE-269 |
Wed, 24 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Missing Permission Checks Enumerate Contrast Metadata | |
| Weaknesses | CWE-200 CWE-285 |
Wed, 24 Jun 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Missing Permission Checks Enumerate Contrast Metadata | |
| Weaknesses | CWE-200 CWE-285 |
Wed, 24 Jun 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata. | |
| References |
|
Status: PUBLISHED
Assigner: jenkins
Published: 2026-06-24T13:20:15.124Z
Updated: 2026-07-06T14:39:59.862Z
Reserved: 2026-06-24T08:41:44.359Z
Link: CVE-2026-57299
Updated: 2026-06-24T14:30:59.852Z
No data.
No data.