Improper handling of CSRF protection in the diagnostics app in combination with the SameSite-Cookie setting being set to None allows cross site invocation of an admin…Read More