The host is installed with Jenkins LTS through 2.150.1 or Jenkins rolling release through 2.158 and is prone to an improper authorization vulnerability. The flaw is present in the application, which fails to properly handle an issue in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java. Successful exploitation could attackers to extend the duration of active http sessions indefinitely even though the user account may have been deleted in the mean time.