VULNRICHMENT:CVE-2024-34695
History: May 10, 2024 - 3:57 p.m.

CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack

2024-05-10 15:57:03
CWE-799
Source: GitHub_M (github.com)
Tags: wows karma, vulnerability, simultaneous requests, cooldown validation, api request, timing attack, fixed

CVSS3: 6.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

AI Score: 6.6 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 15.5%)

WOWS Karma is a reputation system for Wargaming’s World of Warships. A user is able to click “create” multiple times on the post creation prompt before the modal closes, which sends several post creation API requests at once. Due to timing, sending multiple post requests simultaneously bypasses the cooldown validation; however, the target user’s metrics are not refreshed more than once, because the karma updates run concurrently. This issue is fixed in 0.17.4.1.

CNA Affected

[
  {
    "vendor": "SakuraIsayeki",
    "product": "WOWS-Karma",
    "versions": [
      {
        "version": "<= 0.17.4",
        "status": "affected"
      }
    ]
  }
]
