The following flaw was found in Jenkins:
The verification of user-provided API tokens with the expected value did not use a constant-time comparison algorithm, potentially allowing attackers to use statistical methods to determine valid API tokens using brute-force methods.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24