jenkins config file provider plugin is vulnerable to cross-site request forgery (CSRF). The server did not verify the authenticity of web requests and allows an attacker is able to delete configuration files corresponding to an attacker-specified ID by tricking an authenticated user to visit a malicious website, which would submit the requests on behalf of the user.