It was found that foreman does not validate the CSRF token for the logout action. An attacker can therefore log out a user by having them view specially crafted content.
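The check that is missing on the logout action, shown as an added example that is not foreman's code: a framework-independent Ruby model of a logout handler without and with CSRF token validation. The session store, request hashes and function names are assumptions made for illustration.

```ruby
require 'securerandom'
require 'digest'

# Constructed in-memory session store: session id => { user:, csrf: }
SESSIONS = {}

# Create a session and bind a random CSRF token to it (hypothetical helper).
def login(user)
  sid = SecureRandom.hex(16)
  SESSIONS[sid] = { user: user, csrf: SecureRandom.base64(32) }
  sid
end

# Compare two strings without an early exit on the first differing byte.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a)
  db = Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Behaviour described in the advisory: the session cookie alone ends the session.
# The browser attaches that cookie to cross-site requests as well.
def logout_unchecked(request)
  SESSIONS.delete(request[:cookie_sid]) ? 302 : 401
end

# Hardened handler: state-changing method only, and the request must carry
# the token bound to the session, which cross-site content cannot read.
def logout_checked(request)
  session = SESSIONS[request[:cookie_sid]]
  return 401 unless session
  return 405 unless request[:method] == 'POST'
  return 403 unless secure_equal?(request[:csrf_token].to_s, session[:csrf])

  SESSIONS.delete(request[:cookie_sid])
  302
end
```

A request that carries only the cookie is rejected with 403 by `logout_checked` and the session survives; the same request to `logout_unchecked` ends the session.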
Acknowledgements:
This issue was discovered by Jan Hutař of Red Hat.
Statement:
This issue affects the versions of foreman as shipped with Red Hat Satellite 6. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.