CVE-2024-44930: 
C# vulnerability analysis and mitigation

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests (NVD, CVE). The vulnerability was discovered and disclosed in August 2024.

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. The issue stems from the direct reading of X-Forwarded-For and Client-Ip headers without proper validation, allowing attackers to manipulate their apparent source IP address (NVD).

The vulnerability allows attackers to bypass IP-based security controls by falsifying their source IP address. This could potentially lead to circumvention of IP-based access controls, logging systems, and security monitoring mechanisms (NVD).

The vulnerability has been fixed in Serilog version 2.1.0. Users are recommended to upgrade to this version or later. The fix removes the reading of x-forwarded-for header to prevent IP spoofing (Release Notes).

The vulnerability was initially reported through GitHub Issues, where it was noted that using the ForwardedHeaders middleware would be a better approach for handling IP addresses, as it provides proper configuration options for known networks and proxies (GitHub Issue).