CVE-2026-57297

Summary

A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Contrast Continuous Application Security Plugin0 <= 3.11affected

Weaknesses

References