CVE-2025-47888 - CERT CVE

  1. CVE-2025-47888

ID CVE-2025-47888
Sažetak Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.
Reference
CVSS
Base: 5.9
Impact: 4.2
Exploitability:1.6
Pristup
VektorSloženostAutentikacija
NETWORK HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
HIGH LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Zadnje važnije ažuriranje 16-05-2025 - 14:43
Objavljeno 14-05-2025 - 21:15