The host is installed with Jenkins LTS before 1.651.2 or Jenkins rolling release before 2.3 and is prone to multiple open redirect vulnerabilities. The flaws are present in the application, which fails to properly handle scheme-relative URLs. Successful exploitation could allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.