Описание
Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.
Пакеты
Наименование
io.jenkins.plugins:dingding-notifications
maven
Затронутые версииВерсия исправления
<= 2.7.3
Отсутствует
Связанные уязвимости
CVSS3: 5.9
nvd
9 месяцев назад
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.