9 matches found

CVE
added 6 hours ago · 5 views

CVE-2026-57299

Jenkins Contrast Continuous Application Security Plugin up to version 3.11 contains a permissions flaw: missing permission checks allow users with Overall/Read to enumerate the names of configured Contrast metadata. Vulnerable component: the Jenkins plugin for Contrast CAS. Impact is information ...

5.9 AI score
Exploits 0 · References 1

Cvelist
added 6 hours ago · 6 views

CVE-2026-57298

A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key...

Exploits 0 · References 1

CVE
added 6 hours ago · 9 views

CVE-2026-57298

CVE-2026-57298: A CSRF in the Jenkins Contrast Continuous Application Security Plugin (version 3.11 and earlier) allows an attacker to cause Jenkins to access an attacker-specified URL using attacker-specified username, API key, and service key. Affected: Jenkins Contrast Continuous Application S...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

EUVD
added 6 hours ago · 6 views

EUVD-2026-38779

A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

CVE
added 6 hours ago · 6 views

CVE-2026-57297

The CVE-2026-57297 issue affects the Jenkins Contrast Continuous Application Security Plugin up to version 3.11. It is caused by a missing permission check that lets users with Overall/Read access connect to an attacker-specified URL using attacker-supplied username, API key, and service key. Aff...

5.8 AI score
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 11:59 p.m. · 5 views

CVE-2022-43420

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses...

5.4 CVSS · 5.4 AI score · 0.00639 EPSS
Exploits 0 · References 1

Github Security Blog
added 2022/10/19 7:00 p.m. · 30 views

Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin

Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses...

5.4 CVSS · 5.4 AI score · 0.00639 EPSS
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2022/10/19 12:00 a.m. · 5 views

PT-2022-26905 · Jenkins · Jenkins Contrast Continuous Application Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Contrast Continuous Application Security Plugin versions 3.9 and earlier

Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape data returned from the Contras...

7.5 CVSS · 5.1 AI score · 0.00639 EPSS
Exploits 0 · References 9

CNNVD
added 2022/10/19 12:00 a.m. · 4 views

Jenkins Contrast Continuous Application Security Plugin cross-site scripting vulnerability

Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site scripting...

5.4 CVSS · 5.5 AI score · 0.00639 EPSS
Exploits 0 · References 5