[HIGH] Some admin paths were not protected with a CSRF token

PKSA-kq9s-pmck-3hhz CVE-2017-6379 GHSA-gxxq-fhc7-3jv9

Affected package: drupal/core

Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7

Reported by:
FriendsOfPHP/security-advisories, GitHub