CVE-2026-57299

EUVD-2026-38780
Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Vulnerability Media Exposure
References
https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3697%20(2)