Lucene search
K

30 matches found

Cvelist
Cvelist
added 2025/05/14 8:35 p.m.21 views

CVE-2025-47888

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

0.00199EPSS
Exploits0References1
CVE
CVE
added 2025/05/14 8:35 p.m.56 views

CVE-2025-47888

CVE-2025-47888 affects the Jenkins DingTalk Plugin (versions 2.7.3 and earlier). The vulnerability stems from the plugin unconditionally disabling SSL/TLS certificate and hostname validation when connecting to DingTalk webhooks, enabling potential exposure to MITM attacks and compromising confide...

5.9CVSS7AI score0.00199EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.10 views

PT-2025-21241 · Jenkins · Jenkins Dingtalk Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins DingTalk Plugin versions 2.7.3 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. This affects the security of th...

5.9CVSS6.2AI score0.00199EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.4 views

Jenkins plugin DingTalk 输入验证错误漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

5.9CVSS6.4AI score0.00199EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/08/27 4:8 p.m.91 views

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of...

9.3CVSS8.6AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2024/08/27 10:0 a.m.12 views

HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

In June 2024, we discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat. The samples we found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in t...

6.6AI score
Exploits0
OSV
OSV
added 2022/05/24 4:57 p.m.59 views

GHSA-XG8P-CP7F-CPHX DingTalk Plugin stores credentials in plain text

Jenkins Dingding notifications Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

3.3CVSS3.7AI score0.00409EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/24 4:57 p.m.17 views

DingTalk Plugin stores credentials in plain text

Jenkins Dingding notifications Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

3.3CVSS7AI score0.00409EPSS
Exploits0References6Affected Software1
Packet Storm
Packet Storm
added 2019/05/25 12:0 a.m.237 views

WordPress DingTalk LTS 4.6 Open Redirection

Exploit Title : WordPress DingTalk Themes LTS 4.6 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 25/05/2019 Vendor Homepage : zmingcx.com - dingfen.net Information Link : zmingcx.com/begin.html WordPress Version : 5.2.1 Theme Version : LTS 4.6...

Exploits0
vulnersOsv
vulnersOsv
added 2019/02/18 11:51 p.m.5 views

macaca-android-dingtalk (=1.0.30) potentially affected by CVE-2016-10586 via macaca-chromedriver (=1.0.15)

macaca-chromedriver NPM version =1.0.15 is affected by a known vulnerability. The following packages have a transitive dependency on macaca-chromedriver and may be impacted: - macaca-android-dingtalk =1.0.30 Source cves: CVE-2016-10586 Source advisory: OSV:GHSA-769C-QPHH-G3WM...

9.3CVSS7.2AI score0.01752EPSS
Exploits0
Rows per page
Query Builder