diff --git a/content/security/for-maintainers.adoc b/content/security/for-maintainers.adoc
index fe483797007c..53d5944df39b 100644
--- a/content/security/for-maintainers.adoc
+++ b/content/security/for-maintainers.adoc
@@ -104,7 +104,7 @@ The following is a rough approximation of the typical recommended lifecycle of a
 .. The security team provides a private repository for that work in the `jenkinsci-cert` GitHub organization.
 .. Work usually happens on a branch, and a corresponding pull request will be used for review.
 . A *date and time of the release is coordinated* between the security team and maintainers.
-  The security team handles CVE ID assignment, advance notification of users, and creation of the security advisory.
+  The security team handles CVE ID assignment (in cases where there is no CNA scope conflict), advance notification of users, and creation of the security advisory.
 . The *security fix is merged*.
   For details, see link:#merging[Merge the Fix] below.
 . A version of the plugin containing the fix is *uploaded to a staging repository* (see link:#upload[Stage with Maven] below).