The implications for HN are minimal, but this is a login CSRF, not a logout CSRF. Like session fixation, login fixation is a serious flaw.
Believe it or not, there have been apps with serious flaws stemming from logout fixation --- but those flaws were notable because they weaponized logout CSRF. :)
What exactly is "logout fixation"? Session/login fixation makes sense, but I can't really imagine what logout fixation would look like. Google was of no help, either. Do you mean a logout function which doesn't properly log you out, or logout CSRF?
I agree that depending on the context session fixation and login CSRFs can have actual security impact, but those cases are far and few between, so calling them a "serious flaw" feels a bit hyperbolic to me.
Believe it or not, there have been apps with serious flaws stemming from logout fixation --- but those flaws were notable because they weaponized logout CSRF. :)