{"id":"CVE-2025-47888","details":"Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. Because the validation cannot be turned back on, the plugin accepts any certificate presented for the webhook host, so an on-path attacker can impersonate the endpoint and read or alter the notification traffic. This record lists no fixed version (last affected: 2.7.3).","aliases":["GHSA-cp9r-g575-xc5f"],"modified":"2026-04-10T05:27:49.783838Z","published":"2025-05-14T21:15:59.747Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3353"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/dingtalk-plugin","events":[{"introduced":"0"},{"last_affected":"c85f90b5640c1e1ad09642f5659d106ef096471d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.7.3"}]}}],"versions":["2.4.4","dingding-notifications-1.1","dingding-notifications-1.3","dingding-notifications-1.4","dingding-notifications-1.6","dingding-notifications-1.8","dingding-notifications-1.9","dingding-notifications-2.0.0","dingding-notifications-2.4.11","dingding-notifications-2.4.6","dingding-notifications-2.5.0","dingding-notifications-2.6.0","dingding-notifications-2.6.1","dingding-notifications-2.6.2","dingding-notifications-2.7.0","dingding-notifications-2.7.1","dingding-notifications-2.7.2","dingding-notifications-2.7.3","dingtalk-2.2.0","dingtalk-2.3.0","dingtalk-2.3.1","dingtalk-2.3.2","dingtalk-2.4.0","dingtalk-2.4.1","dingtalk-2.4.10","dingtalk-2.4.4","dingtalk-2.4.5","dingtalk-2.4.8","dingtalk-2.4.9","dingtalk-plugin-2.4.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47888.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"}]}