Jeremy Choi of Red Hat reports:
There is no CSRF attack protection mechanism on the web console. While users
are authenticated, malicious links or scripts provided by attackers can cause
unwanted actions which the user does not want to do.
This issue has been addressed in the following products:
RHEL 6 Version of OpenShift Enterprise
Via RHSA-2012:1555 https://rhn.redhat.com/errata/RHSA-2012-1555.html
This issue was discovered by Red Hat.