CVE-2025-47888: Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation
(updated )
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.
References
Code Behaviors & Features
Detect and mitigate CVE-2025-47888 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →