Jeremy Choi of Red Hat reports: There is no CSRF attack protection mechanism on the web console. While users are authenticated, malicious links or scripts provided by attackers can cause unwanted actions which the user does not want to do.
This issue has been addressed in the following products:
RHEL 6 Version of OpenShift Enterprise
Via RHSA-2012:1555 https://rhn.redhat.com/errata/RHSA-2012-1555.html
Acknowledgements: This issue was discovered by Red Hat.