Jenkins DingTalk Plugin SSL/TLS Validation Vulnerability

Vulnerability

A vulnerability exists in the Jenkins DingTalk Plugin in versions through 2.7.3, where SSL/TLS certificate and hostname validation is disabled for connections to configured DingTalk webhooks. This flaw could potentially allow for man-in-the-middle attacks or the interception of sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized interception of data or manipulation of webhook communications.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jenkins DingTalk Plugin SSL/TLS Validation Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating