Some admin paths were not protected with a CSRF token

PKSA-m9vt-xddw-ftmz CVE-2017-6379

Affected package: drupal/drupal

Affected version: >=8.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.7

Reported by:
FriendsOfPHP/security-advisories