30 matches found
CVE-2025-47888
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...
CVE-2025-47888
CVE-2025-47888 affects the Jenkins DingTalk Plugin (versions 2.7.3 and earlier). The vulnerability stems from the plugin unconditionally disabling SSL/TLS certificate and hostname validation when connecting to DingTalk webhooks, enabling potential exposure to MITM attacks and compromising confide...
PT-2025-21241 · Jenkins · Jenkins Dingtalk Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins DingTalk Plugin versions 2.7.3 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. This affects the security of th...
Jenkins plugin DingTalk 输入验证错误漏洞
Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...
macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of...
HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat
In June 2024, we discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat. The samples we found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in t...
GHSA-XG8P-CP7F-CPHX DingTalk Plugin stores credentials in plain text
Jenkins Dingding notifications Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
DingTalk Plugin stores credentials in plain text
Jenkins Dingding notifications Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
WordPress DingTalk LTS 4.6 Open Redirection
Exploit Title : WordPress DingTalk Themes LTS 4.6 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 25/05/2019 Vendor Homepage : zmingcx.com - dingfen.net Information Link : zmingcx.com/begin.html WordPress Version : 5.2.1 Theme Version : LTS 4.6...
macaca-android-dingtalk (=1.0.30) potentially affected by CVE-2016-10586 via macaca-chromedriver (=1.0.15)
macaca-chromedriver NPM version =1.0.15 is affected by a known vulnerability. The following packages have a transitive dependency on macaca-chromedriver and may be impacted: - macaca-android-dingtalk =1.0.30 Source cves: CVE-2016-10586 Source advisory: OSV:GHSA-769C-QPHH-G3WM...