{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50353", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-10-22T17:54:40.958Z", "datePublished": "2024-10-30T13:57:28.984Z", "dateUpdated": "2024-10-30T14:16:19.670Z"}, "containers": {"cna": {"title": "ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/security/advisories/GHSA-24mc-gc52-47jv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/security/advisories/GHSA-24mc-gc52-47jv"}, {"name": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/commit/8ea534481181a063175f457082662fdcad9a41ff", "tags": ["x_refsource_MISC"], "url": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/commit/8ea534481181a063175f457082662fdcad9a41ff"}], "affected": [{"vendor": "IowaComputerGurus", "product": "aspnetcore.utilities.cloudstorage", "versions": [{"version": "< 8.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-30T13:57:28.984Z"}, "descriptions": [{"lang": "en", "value": "ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired. Users not implemented SAS Uri's are unaffected. This issue was resolved in version 8.0.0 of the library."}], "source": {"advisory": "GHSA-24mc-gc52-47jv", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "iowa_computer_gurus", "product": "aspnetcore.utilites.cloudstorage", "cpes": ["cpe:2.3:a:iowa_computer_gurus:aspnetcore.utilites.cloudstorage:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "8.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-30T14:13:44.147399Z", "id": "CVE-2024-50353", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T14:16:19.670Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50353", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-30T14:13:44.147399Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:iowa_computer_gurus:aspnetcore.utilites.cloudstorage:*:*:*:*:*:*:*:*"], "vendor": "iowa_computer_gurus", "product": "aspnetcore.utilites.cloudstorage", "versions": [{"status": "affected", "version": "0", "lessThan": "8.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T14:16:14.592Z"}}], "cna": {"title": "ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected", "source": {"advisory": "GHSA-24mc-gc52-47jv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "IowaComputerGurus", "product": "aspnetcore.utilities.cloudstorage", "versions": [{"status": "affected", "version": "< 8.0.0"}]}], "references": [{"url": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/security/advisories/GHSA-24mc-gc52-47jv", "name": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/security/advisories/GHSA-24mc-gc52-47jv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/commit/8ea534481181a063175f457082662fdcad9a41ff", "name": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/commit/8ea534481181a063175f457082662fdcad9a41ff", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired. Users not implemented SAS Uri's are unaffected. This issue was resolved in version 8.0.0 of the library."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-30T13:57:28.984Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50353", "state": "PUBLISHED", "dateUpdated": "2024-10-30T14:16:19.670Z", "dateReserved": "2024-10-22T17:54:40.958Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-10-30T13:57:28.984Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iowacomputergurus:aspnetcore.utilities.cloudstorage:*:*:*:*:*:*:*:*", "matchCriteriaId": "B807C101-2DF0-4CAB-9310-1A0186960459", "versionEndExcluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired. Users not implemented SAS Uri's are unaffected. This issue was resolved in version 8.0.0 of the library."}, {"lang": "es", "value": "ICG.AspNetCore.Utilities.CloudStorage es una colecci\u00f3n de utilidades de almacenamiento en la nube que ayudan con la administraci\u00f3n de archivos para la carga en la nube. Los usuarios de esta librer\u00eda que configuran una duraci\u00f3n para una URL de SAS con un valor distinto de 1 hora pueden haber generado una URL con una duraci\u00f3n mayor o menor a la deseada. Los usuarios que no implementaron URL de SAS no se ven afectados. Este problema se resolvi\u00f3 en la versi\u00f3n 8.0.0 de la librer\u00eda."}], "id": "CVE-2024-50353", "lastModified": "2024-11-13T15:15:19.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-10-30T14:15:07.790", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/commit/8ea534481181a063175f457082662fdcad9a41ff"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/security/advisories/GHSA-24mc-gc52-47jv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}