CVE-2025-47888

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.

CVSS

No CVSS.

References

Link	Resource
https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3353	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:dingtalk:*:*:*:*:*:jenkins:*:*

History

12 Jun 2025, 13:26

Type	Values Removed	Values Added
CPE		cpe:2.3:a:jenkins:dingtalk::::::jenkins::*
References	~~() https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3353 -~~	() https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3353 - Vendor Advisory
First Time		Jenkins Jenkins dingtalk

14 May 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-14 21:15

Updated : 2025-06-12 13:26

NVD link : CVE-2025-47888

Mitre link : CVE-2025-47888

JSON object : View

Products Affected

jenkins

dingtalk

CWE

No CWE.

JSON object

Attach tags to CVE-2025-47888

Attach tags to `CVE-2025-47888`