[MEDIUM] The disqualify lead action may be executed without CSRF token check

PKSA-q9vg-cpjn-sk23 CVE-2021-39198 GHSA-vf7h-6246-hm43

Affected version: >=4.2.0,<4.2.7|>=3.1.0,<4.1.17

Reported by:
GitHub