Maven package
io.jenkins.plugins/dingding-notifications
pkg:maven/io.jenkins.plugins/dingding-notifications
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47888 | — | | | <= 2.7.3 | — | May 14, 2025 | Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. |
| CVE-2019-10433 | — | | | < 2.0.0 | 2.0.0 | Oct 1, 2019 | Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |