A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.