5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-50353

CVE-2024-50353: ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected

Impact

Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired.

Users not implemented SAS Uri's are unaffected.

Patches

This issue was resolved in version 8.0.0 of the library, all users should update to this version ASAP.

Workarounds

None

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-50353

CVE-2024-50353:

5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ICG.AspNetCore.Utilities.CloudStorage	nuget	< 8.0.0	8.0.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows the vulnerability was in AzureCloudStorageProvider.cs where ExpiresOn was set to AddHours(1) instead of AddMinutes(tokenDuration). This matches the advisory description about miscalculated token durations. The CreateSASUrl method is directly responsible for generating SAS URLs with user-specified durations, making it the clear vulnerable entry point.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-50353: ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected

Impact

Patches

Workarounds

CVE-2024-50353:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

5.3

5.3

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-50353: ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected

Impact

Patches

Workarounds

Technical Details

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI