11 matches found

RedhatCVE
added 2025/05/16 9:20 p.m. · 26 views

CVE-2025-47888

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

CVSS 5.9 · AI score 6.8 · EPSS 0.00192
Exploits: 0 · References: 1
Github Security Blog
added 2025/05/14 9:31 p.m. · 5 views

Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

CVSS 5.9 · AI score 6.7 · EPSS 0.00192
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2025/05/14 9:31 p.m. · 3 views

GHSA-CP9R-G575-XC5F Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

CVSS 5.9 · AI score 6.7 · EPSS 0.00192
Exploits: 0 · References: 3
OSV
added 2025/05/14 9:15 p.m. · 3 views

CVE-2025-47888

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

CVSS 5.9 · AI score 6.1
Exploits: 0 · References: 1
NVD
added 2025/05/14 9:15 p.m. · 12 views

CVE-2025-47888

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

CVSS 5.9 · EPSS 0.00192
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/14 8:35 p.m. · 5 views

CVE-2025-47888

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

AI score 6.8 · EPSS 0.00192
Exploits: 0 · References: 1
Cvelist
added 2025/05/14 8:35 p.m. · 18 views

CVE-2025-47888

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

EPSS 0.00192
Exploits: 0 · References: 1
CVE
added 2025/05/14 8:35 p.m. · 52 views

CVE-2025-47888

CVE-2025-47888 affects the Jenkins DingTalk Plugin (versions 2.7.3 and earlier). The vulnerability stems from the plugin unconditionally disabling SSL/TLS certificate and hostname validation when connecting to DingTalk webhooks, enabling potential exposure to MITM attacks and compromising confide...

CVSS 5.9 · AI score 7 · EPSS 0.00192
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2025/05/14 12:0 a.m. · 3 views

PT-2025-21241 · Jenkins · Jenkins Dingtalk Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins DingTalk Plugin versions 2.7.3 and earlier
Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. This affects the security of th...

CVSS 5.9 · AI score 6.2 · EPSS 0.00192
Exploits: 0 · References: 10
CNNVD
added 2025/05/14 12:0 a.m. · 2 views

Jenkins plugin DingTalk input validation error vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 5.9 · AI score 6.4 · EPSS 0.00192
Exploits: 0 · References: 2
OSV
added 2022/05/24 4:57 p.m. · 19 views

GHSA-XG8P-CP7F-CPHX DingTalk Plugin stores credentials in plain text

Jenkins Dingding notifications Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 3.3 · AI score 3.7 · EPSS 0.00409
Exploits: 0 · References: 6