Security Advisories

CloudBees Security Advisory2026-04-15

This advisory announces vulnerabilities in 

,

and

CloudBees CI

,

and

Jenkins

CSRF vulnerability in CloudBees Maven Migration Assistant

BEE-65943

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N]

Description:

CloudBees Maven Migration Assistant before 0.121 does not require POST for the HTTP endpoint to convert a Maven Project to Pipeline job.

This vulnerability allows attackers to perform Maven Project to Pipeline job conversion.

CloudBees Maven Migration Assistant 0.121 requires POST for the affected HTTP endpoint.

Severity

Fix

  • CloudBees Maven Migration Assistant plugin should be upgraded to 0.121

Subscription confirmed

You'll now be notified automatically when new vulnerabilities
are disclosed