PT-2024-34162 · Unknown · Icg.Aspnetcore.Utilities.Cloudstorage
Mitchelsellers
·
Published
2024-10-30
·
Updated
2024-11-13
·
CVE-2024-50353
CVSS v4.0
5.5
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
Name of the Vulnerable Software and Affected Versions:
ICG.AspNetCore.Utilities.CloudStorage versions prior to 8.0.0
Description:
The issue affects users of the ICG.AspNetCore.Utilities.CloudStorage library who set a duration for a SAS Uri with a value other than 1 hour, potentially resulting in a URL with a duration that is longer or shorter than desired. Users not implementing SAS Uri's are unaffected.
Recommendations:
For versions prior to 8.0.0, update to version 8.0.0 of the library to resolve the issue.
Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Icg.Aspnetcore.Utilities.Cloudstorage