The host is installed with Jenkins LTS before 1.642.2 or Jenkins rolling release before 1.650 and is prone to a brute force attack vulnerability. A flaw is present in the application, which fails to properly handle the usage of algorithm to verify API tokens. Successful exploitation could allow attackers to determine api tokens via a brute-force approach.