Open Redirect weakness in links_controller.rb
An open redirect weakness was found in Foreman's links_controller.rb. When using the root_url parameter, it is possible to redirect the user to an attacker controlled URL.
On a Foreman/Katello box, this can be triggered as simply as
You can also use the plugin doc handler: