The Winstone servlet container in Jenkins prior to 1.551 and LTS prior to 1.532.2 allows remote malicious users to hijack sessions via unspecified vectors.
jenkins jenkins