Reputation System Vulnerability Fix in 0.17.4.1

CVE-2024-34695

6.3MEDIUM

Key Information

Vendor: Sakuraisayeki
Status: Wows-karma
Vendor: CVE Published:; 14 May 2024

Summary

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously requests bypasses the cooldown validation, however are not refreshing a user's metrics more than once, due to concurrent karma updates. This issue is fixed in 0.17.4.1.

Affected Version(s)

WOWS-Karma = <= 0.17.4

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
May 14, 2024
Vulnerability Reserved.
May 7, 2024

Collectors

NVD DatabaseMitre Database