Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-12T20:31:47

Updated: 2024-08-04T15:19:09.368Z

Reserved: 2020-08-27T00:00:00

Link: CVE-2020-24719

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-11-12T21:15:10.917

Modified: 2024-11-21T05:15:57.893

Link: CVE-2020-24719

cve-icon Redhat

No data.