Jenkins Security Advisory 2014-02-14 notes: "Jenkins was vulnerable to session fixation attack. If Jenkins is deployed in an environment that allows an attacker to override Jenkins cookies in victim's browser, this vulnerability can be exploited." Upstream fix: https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a MITRE notes at http://www.openwall.com/lists/oss-security/2014/02/21/2 "...Again, the unusual threat model might limit the practical relevance of this." References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
This issue has been addressed in the following products: Red Hat OpenShift Enterprise 2.1 Via RHBA-2014:1630 https://rhn.redhat.com/errata/RHBA-2014-1630.html