Oracle aren't very forthcoming with details but the last big security pack (Jan 2015) contained CVE-2015-0410 which is marked remotely exploitable via the network. Whilst some things may not seem exploitable some plugins do things like image manipulation which has been exploitable in the past and will run on the master.
-- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/2a193d09-7090-4ae3-b7d5-3fa2fa6713d9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
