PT-2025-21241 · Jenkins · Jenkins Dingtalk Plugin
Pierre Beitz · Published 2025-05-14 · Updated 2025-06-12 · CVE-2025-47888
CVSS v3.1: 5.9 (Medium) · Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Jenkins DingTalk Plugin versions 2.7.3 and earlier
Description:
The plugin unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. Without that validation, the plugin cannot tell a genuine DingTalk endpoint from an impostor, so webhook traffic is exposed to man-in-the-middle attacks and related risks.
Recommendations:
For Jenkins DingTalk Plugin versions 2.7.3 and earlier, consider disabling the plugin until a patched version that properly validates SSL/TLS certificates and hostnames is available. As a temporary workaround, restrict access to the DingTalk webhooks to minimize the risk of exploitation.
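A defender's first step is confirming whether an instance is in the affected range. The following is an added example (not code from the advisory or the plugin) that checks Jenkins plugin inventory JSON, as returned by the `/pluginManager/api/json?depth=1` endpoint, against the 2.7.3-and-earlier bound; the plugin short name `dingtalk` and the sample JSON are assumptions you should verify against your own instance.

```python
import json
import re

# Upper bound of the affected range stated in the advisory (inclusive).
AFFECTED_MAX = "2.7.3"
# Assumed plugin short name; confirm against the plugin id shown in your Jenkins instance.
PLUGIN_SHORT_NAME = "dingtalk"

# Constructed sample in the shape Jenkins returns from /pluginManager/api/json?depth=1
# (only the fields this check uses). Replace with a live fetch of that endpoint.
SAMPLE_PLUGIN_LIST = json.dumps({
    "plugins": [
        {"shortName": "git", "version": "5.7.0", "active": True},
        {"shortName": "dingtalk", "version": "2.7.3", "active": True},
    ]
})


def parse_version(version: str) -> tuple:
    """Turn '2.7.3' or '2.7.3-beta' into a comparable tuple of ints.
    Non-numeric suffixes are dropped; missing components are padded with 0
    so that '2.8' compares as (2, 8, 0)."""
    match = re.match(r"^\d+(?:\.\d+)*", version.strip())
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    parts = tuple(int(p) for p in match.group(0).split("."))
    return parts + (0,) * (3 - len(parts))


def is_affected(version: str) -> bool:
    """True when the installed version is 2.7.3 or earlier."""
    return parse_version(version) <= parse_version(AFFECTED_MAX)


def find_affected_plugins(plugin_list_json: str) -> list:
    """Return (shortName, version, active) for every DingTalk plugin entry in range."""
    data = json.loads(plugin_list_json)
    hits = []
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") != PLUGIN_SHORT_NAME:
            continue
        if is_affected(plugin.get("version", "0")):
            hits.append((plugin["shortName"], plugin["version"], bool(plugin.get("active"))))
    return hits


if __name__ == "__main__":
    for name, version, active in find_affected_plugins(SAMPLE_PLUGIN_LIST):
        state = "enabled" if active else "disabled"
        print(f"{name} {version} ({state}) is within the affected range (<= {AFFECTED_MAX})")
```

An `active` entry in the affected range means the workaround above (disable the plugin, restrict webhook access) still applies; a disabled entry should still be updated before re-enabling.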
Affected Products:
- Jenkins
- Jenkins Dingtalk Plugin