Last major exploit I heard about, the matrix.org exploit, was from privilege escalation through a Jenkins vulnerability [1].
[1] https://www.zdnet.com/article/matrix-hack-forces-servers-off...
--
This isn't necessarily a knock against Jenkins itself, but certainly a knock against thousands of orgs running their own unpatched Jenkins servers, often on the same machine as their other apps.