CVE-2025-47888

Summary

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins DingTalk Plugin0 <= 2.7.3affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References