A public Jenkins server owned by GE Aviation exposed source code, plaintext passwords, global system configuration details and private keys. A DNS misconfiguration resulted in an open Jenkins server being available to all. The server also contained a ReadMe file, outlining all the files it contained and their sensitivity. GE Aviation classified the exposure as medium-risk, despite the number and sensitivity of exposed files. The company reset all credentials as a precautionary measure.
Source: https://threatpost.com/ge-aviation-passwords-jenkins-server/146302/