diff --git a/gradle/changelog/jgit6.7.yaml b/gradle/changelog/jgit6.7.yaml
new file mode 100644
index 0000000000..e6f2c2f5c3
--- /dev/null
+++ b/gradle/changelog/jgit6.7.yaml
@@ -0,0 +1,2 @@
+- type: fixed
+  description: Bump JGit to version 6.7.0.202309050840-r to fix CVE-2023-4759
diff --git a/scm-plugins/scm-git-plugin/build.gradle b/scm-plugins/scm-git-plugin/build.gradle
index c4265a27d5..d849a801fd 100644
--- a/scm-plugins/scm-git-plugin/build.gradle
+++ b/scm-plugins/scm-git-plugin/build.gradle
@@ -26,7 +26,7 @@ plugins {
   id 'org.scm-manager.smp' version '0.13.0'
 }
 
-def jgitVersion = '6.2.0.202206071550-r-scm1'
+def jgitVersion = '6.7.0.202309050840-r-scm1'
 
 dependencies {
   // required by scm-it