This post gives an insight into a sensitive data exposure vulnerability in Asana for Mac that was rated as P1 and was awarded a bounty.

This was the very first report of that kind for me. Still, I think this type of deployment and build chain issue is more common than one may think.