CVE-2025-47888

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-47888

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-47888.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-47888

Aliases

GHSA-cp9r-g575-xc5f

Withdrawn

2025-08-26T19:03:29.285982Z

Published

2025-05-14T21:15:59Z

Modified

2025-07-20T06:50:39.002021Z

Summary

[none]

Details

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.

References

https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3353

Affected packages

Git / github.com/jenkinsci/dingtalk-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/dingtalk-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c85f90b5640c1e1ad09642f5659d106ef096471d

Affected versions

2.*

2.4.4

ding-talk-2.*

ding-talk-2.4.3

dingding-notifications-1.*

dingding-notifications-1.1

dingding-notifications-1.3

dingding-notifications-1.4

dingding-notifications-1.6

dingding-notifications-1.8

dingding-notifications-1.9

dingding-notifications-2.*

dingding-notifications-2.0.0

dingding-notifications-2.4.11

dingding-notifications-2.4.6

dingding-notifications-2.5.0

dingding-notifications-2.6.0

dingding-notifications-2.6.1

dingding-notifications-2.6.2

dingding-notifications-2.7.0

dingding-notifications-2.7.1

dingding-notifications-2.7.2

dingding-notifications-2.7.3

dingtalk-2.*

dingtalk-2.2.0

dingtalk-2.3.0

dingtalk-2.3.1

dingtalk-2.3.2

dingtalk-2.4.0

dingtalk-2.4.1

dingtalk-2.4.10

dingtalk-2.4.2

dingtalk-2.4.4

dingtalk-2.4.5

dingtalk-2.4.8

dingtalk-2.4.9

dingtalk-plugin-2.*

dingtalk-plugin-2.4.7