As a workaround to kill a build that is stuck, I found in this issue tracker that you can append /doDelete to the URL:
When I load that page, however, I am shown a form to click to produce a POST request instead of a GET. When I click that, I get a 403 error page saying
No valid crumb was included in the request
As a workaround to use the (doDelete) workaround, I turned off "Prevent Cross Site Request Forgery exploits" in Configure Global Security.
Not sure if the component affected is `core`.