PT-2020-15830 · Ericsson · Erlang

Published: 2020-11-12 · Updated: 2020-11-30 · CVE-2020-24719

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Erlang version 6.5.1

Description

The issue allows for Remote Command Execution (RCE) attacks due to an exposed Erlang Cookie. This cookie is a shared secret, also known as a "magic cookie", used for communication between Erlang nodes. In some cases, the magic cookie is included in log contents, which an attacker can exploit to attach to an Erlang node and execute OS-level commands on the system running the Erlang node.

Recommendations

For version 6.5.1, update to version 6.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the logs that may contain the magic cookie to minimize the risk of exploitation.

Fix

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2020-24719

Affected Products

Erlang