CVE-2018-15539by Jeremyin Security Bulletinson Posted on October 15, 2018 Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.