Security Advisories
CloudBees Security Advisory2026-04-15
This advisory announces vulnerabilities in
,
and
CloudBees CI
,
and
Jenkins

CSRF vulnerability in CloudBees Maven Migration Assistant
BEE-65943
Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N]
Description:
CloudBees Maven Migration Assistant before 0.121 does not require POST for the HTTP endpoint to convert a Maven Project to Pipeline job.
This vulnerability allows attackers to perform Maven Project to Pipeline job conversion.
CloudBees Maven Migration Assistant 0.121 requires POST for the affected HTTP endpoint.
Note
Warning
Severity
- BEE-65943: Medium
Fix
- CloudBees Maven Migration Assistant plugin should be upgraded to 0.121