The Jenkins Threat Landscape

This report assesses Jenkins as a high-value attack surface in cloud environments, describing widespread outdated instances, risky plugins, and misconfigurations that enable attack flows such as cryptomining, CI/CD pipeline abuse, plugin/core exploitation, agent compromise, and cloud credential theft — all of which can lead to cloud control plane compromise; it emphasizes operational hygiene (patching, plugin lifecycle management, configuration hardening) and describes how Wiz can detect and monitor these risks.