Red Hat Security Advisory 2015-0288-01 - The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, and Puppet settings, and can be used as part of Foreman. It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted. All foreman-proxy users are advised to upgrade to these updated packages, which corrects this issue.
9a44666ee5021b23cf0a931497cd049bd2e0b94971a9f23ca08cdfcf7ec5ab2d