It was found that foreman does not check for a correct CSRF token for the logout action. An attacker can therefore log out a user by having them view specially crafted content.
Acknowledgements: This issue was discovered by Jan Hutař of Red Hat.
Statement: This issue affects the versions of foreman as shipped with Red Hat Satellite 6. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
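The missing check described above, modelled as an added example that is not Foreman's code: a logout handler that ends the session on any request carrying the session cookie, next to one that requires a POST with the session's CSRF token. The in-memory session store, the function names and the status codes are assumptions made for illustration; the `authenticity_token` parameter name follows the Rails convention.

```ruby
require "securerandom"

# Hypothetical in-memory session store: session id => { user:, csrf: }
SESSIONS = {}

# Create a session with its own random CSRF token; returns the session id.
def login(user)
  sid = SecureRandom.hex(16)
  SESSIONS[sid] = { user: user, csrf: SecureRandom.hex(32) }
  sid
end

# Constant-time comparison, so the check does not leak how many
# leading characters of a submitted token were correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Behaviour the advisory describes: the session cookie alone is enough,
# so any request sent with it ends the session.
def logout_unchecked(sid, _method, _params)
  SESSIONS.delete(sid) ? 200 : 401
end

# Corrected behaviour: logout is a state change, so it must be a POST
# that carries the token bound to this session.
def logout_checked(sid, method, params)
  session = SESSIONS[sid]
  return 401 unless session
  return 405 unless method == "POST"
  token = params["authenticity_token"].to_s
  return 403 unless secure_equal?(token, session[:csrf])
  SESSIONS.delete(sid)
  200
end
```

A rejected request leaves the session in place, so the user stays logged in when the token is absent or wrong.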