CloudBees Security Advisory 2026-04-15

This advisory announces vulnerabilities in CloudBees CI and Jenkins.

CSRF vulnerability in CloudBees Maven Migration Assistant

BEE-65943
Severity (CVSS): Medium
Description:

CloudBees Maven Migration Assistant before 0.121 does not require POST for the HTTP endpoint to convert a Maven Project to Pipeline job.

This vulnerability allows attackers to perform Maven Project to Pipeline job conversion.

CloudBees Maven Migration Assistant 0.121 requires POST for the affected HTTP endpoint.

Fix

  • CloudBees Maven Migration Assistant plugin should be upgraded to 0.121