Red Hat Bugzilla – Bug 1128108
CVE-2014-3590 rhn_satellite_6: cross-site request forgery (CSRF) can force logout
Last modified: 2015-03-04 13:46:56 EST
It was found that foreman does not check for a correct CSRF token for the logout action. An attacker can therefore log out a user by having them view specially crafted content.
This issue was discovered by Jan Hutař of Red Hat.
This issue affects the versions of foreman as shipped with Red Hat Satellite 6. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
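The unchecked logout action described above beside its token-checking form, as an added example written for this entry: it is not Foreman's code, only a minimal Ruby imitation of the Rails protect_from_forgery pattern using constructed Session and Request structs.

```ruby
require 'securerandom'
# Minimal model of a Rails-style session and request, constructed for this
# example (not Foreman's code): the session holds the per-session CSRF secret,
# the request carries its HTTP method and form parameters.
Session = Struct.new(:user, :csrf_token)
Request = Struct.new(:http_method, :params)

def new_session(user)
  Session.new(user, SecureRandom.hex(32))
end

# Vulnerable pattern: the logout action never looks at the token, so any
# request that reaches it, however it was triggered, ends the session.
def logout_unprotected(session, _request)
  session.user = nil
  :logged_out
end

# Byte-wise comparison that does not stop at the first mismatching byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hardened pattern, mirroring what protect_from_forgery enforces for a
# state-changing action: not a GET, and the request must carry the token that
# only a page served to this session could have embedded in its logout form.
def valid_csrf_token?(session, request)
  return false if request.http_method == 'GET'
  submitted = request.params['authenticity_token']
  !submitted.nil? && constant_time_equal?(submitted, session.csrf_token)
end

def logout_protected(session, request)
  return :rejected unless valid_csrf_token?(session, request)
  session.user = nil
  :logged_out
end

# Exercises both handlers with a token-less request (all that content from
# another origin can produce) and with the app's own logout form.
def demo
  tokenless = Request.new('POST', {})
  s1 = new_session('admin')
  s2 = new_session('admin')
  genuine = Request.new('POST', { 'authenticity_token' => s2.csrf_token })
  { unprotected_tokenless: [logout_unprotected(s1, tokenless), s1.user],
    protected_tokenless:   [logout_protected(s2, tokenless), s2.user],
    protected_genuine:     [logout_protected(s2, genuine), s2.user] }
end
```

Only the unprotected handler ends the session for the token-less request; the protected one rejects it and still accepts the form that carries the session's own token.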