CVE-2026-57297

Vulnerability Description

A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.

Vulnerability Details

Published Date

June 24, 2026

Last Modified

June 24, 2026

Source

NVD

Vendor

Jenkins Project

Product

Jenkins Contrast Continuous Application Security Plugin

External References

https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3697%20(1)

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment