CVE-2024-50353

MEDIUM

ICG.AspNetCore.Utilities.CloudStorage < 8.0.0 - Improper Access Control in SAS Uri Duration Handling

Title source: llm

Description

ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired. Users not implemented SAS Uri's are unaffected. This issue was resolved in version 8.0.0 of the library.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/security/advisories/GHSA-24mc-gc52-47jv

Patch x_refsource_misc

https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/commit/8ea534481181a063175f457082662fdcad9a41ff

View Patch ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0029

EPSS Percentile 20.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (2)

iowacomputergurus/aspnetcore.utilities.cloudstorage < 8.0.0

nuget/ICG.AspNetCore.Utilities.CloudStorage 0 - 8.0.0NuGet

Published Oct 30, 2024

Tracked Since Feb 18, 2026