Launchpad.net

CVE 2014-2060

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.

See the CVE page on Mitre.org for more details.