SSL/TLS Validation Bypass in Jenkins DingTalk Plugin by Jenkins
CVE-2025-47888
5.9MEDIUM
Key Information:
- Vendor
Jenkins
- Status
- Vendor
- CVE Published:
- 14 May 2025
What is CVE-2025-47888?
The Jenkins DingTalk Plugin versions 2.7.3 and earlier disable SSL/TLS certificate and hostname validation for connections to configured DingTalk webhooks. This lack of validation could expose users to potential security risks, allowing unauthorized access to sensitive data or exploitation by malicious actors.
Affected Version(s)
Jenkins DingTalk Plugin 0 <= 2.7.3