Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Network-reachable endpoint requires only low-privilege Jenkins auth (PR:L); no confidentiality or availability impact, only unauthorized outbound connection initiation (I:L).
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionNVD
A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.
AnalysisAI
Missing authorization in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier permits any authenticated Jenkins user holding the minimal Overall/Read permission to invoke a connection test endpoint with fully attacker-controlled URL, username, API key, and service key. This enables the Jenkins server to make arbitrary outbound HTTP connections - a Server-Side Request Forgery (SSRF)-class impact - without the elevated privileges that should guard such functionality. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid Jenkins account with at minimum Overall/Read permission - the baseline permission granted to almost all authenticated Jenkins users in most deployments. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 4.3 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N accurately reflects the bounded impact: exploitation is network-accessible and requires no special configuration complexity, but does require a valid Jenkins account with at least Overall/Read - the lowest meaningful Jenkins permission tier. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated Jenkins user with only Overall/Read permission crafts a request to the Contrast plugin's connection-test form action, substituting an attacker-controlled server address for the legitimate Contrast platform URL along with arbitrary credential values. Jenkins executes the outbound connection on behalf of the attacker, allowing them to confirm internal network reachability of target hosts, harvest timing information about internal services, or receive the supplied API/service key material at their server. |
| Remediation | Patch available per vendor advisory - consult the Jenkins security advisory at https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3697%20(1) for the specific patched plugin version and update the plugin via Jenkins Plugin Manager. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Cross-site request forgery in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows a remote a
Missing authorization checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow any authe
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38778
GHSA-p44q-fmwr-jqr7