Using some script we called the logout url of Jenkins. This lead to a null pointer exception as the code to search for stale session cookies is not performing a null check.

 
java.lang.NullPointerException
at hudson.security.SecurityRealm.clearStaleSessionCookies(SecurityRealm.java:328)
at hudson.security.SecurityRealm.doLogout(SecurityRealm.java:296)
at jenkins.model.Jenkins.doLogout(Jenkins.java:4063)
at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)

How to reproduce:

curl https://ci.jenkins.io/logout

or open a browser, delete all cookies and the browse open the same url