Remote Code Execution with Groovy console in Jenkins
bl4de
1021

You can also exploit the Groovy console with CSRF if the Jenkins instance you are attacking has CSRF disabled.

This is particularly interesting when combined with this Chrome & Firefox example that allows for intranet scanning from a malicious website.

https://portswigger.net/blog/exposing-intranets-with-reliable-browser-based-port-scanning
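
For defenders, an added example (not part of the original post) that audits whether a Jenkins controller is in the state described above. It assumes you can read the controller's `config.xml` and its JVM arguments; the function name `csrf_findings` and the sample inputs are constructed for illustration.

```python
import re
import shlex
import xml.etree.ElementTree as ET

# System property that switches CSRF protection off in Jenkins 2.222 and later.
DISABLE_PROP = "hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION"

def csrf_findings(config_xml, jvm_args=""):
    """Return a list of findings; an empty list means a crumb issuer is active."""
    # Jenkins writes an XML 1.1 declaration that Python's parser rejects, so drop it.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml, count=1)
    root = ET.fromstring(body)
    findings = []
    if root.find("crumbIssuer") is None:
        findings.append("config.xml has no <crumbIssuer>: no CSRF crumb is required")
    for arg in shlex.split(jvm_args):
        name, _, value = arg.partition("=")
        if name == "-D" + DISABLE_PROP and value.lower() == "true":
            findings.append("JVM flag " + DISABLE_PROP + "=true disables CSRF protection")
    return findings

# Constructed sample inputs (not taken from a real controller).
PROTECTED = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
    <excludeClientIPFromCrumb>false</excludeClientIPFromCrumb>
  </crumbIssuer>
</hudson>"""
UNPROTECTED = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
</hudson>"""
FLAGS = "-Xmx2g -D" + DISABLE_PROP + "=true -Djava.awt.headless=true"

if __name__ == "__main__":
    for label, xml, args in [("protected", PROTECTED, ""),
                             ("no issuer", UNPROTECTED, ""),
                             ("flag set", PROTECTED, FLAGS)]:
        print(label, csrf_findings(xml, args) or "CSRF protection enabled")
```

Any finding means state-changing requests, including those to the script console, are accepted without a crumb, so the controller should be reconfigured with a crumb issuer and the flag removed.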