Foreman prior to 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
theforeman foreman