A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and previous versions allows malicious users to delete disabled modules.
jenkins ivy