{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34695", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-07T13:53:00.131Z", "datePublished": "2024-05-10T15:57:03.049Z", "dateUpdated": "2024-08-02T02:59:22.237Z"}, "containers": {"cna": {"title": "WOWS Karma vulnerable to a post submission bounce/timing attack", "problemTypes": [{"descriptions": [{"cweId": "CWE-799", "lang": "en", "description": "CWE-799: Improper Control of Interaction Frequency", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g"}, {"name": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a", "tags": ["x_refsource_MISC"], "url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a"}, {"name": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2", "tags": ["x_refsource_MISC"], "url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2"}], "affected": [{"vendor": "SakuraIsayeki", "product": "WOWS-Karma", "versions": [{"version": "<= 0.17.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-10T15:57:03.049Z"}, "descriptions": [{"lang": "en", "value": "WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on \"create\" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously requests bypasses the cooldown validation, however are not refreshing a user's metrics more than once, due to concurrent karma updates. This issue is fixed in 0.17.4.1."}], "source": {"advisory": "GHSA-v6cc-v976-mj8g", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-05T16:10:44.417474Z", "id": "CVE-2024-34695", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T16:10:53.696Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.237Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g"}, {"name": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a"}, {"name": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g", "name": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a", "name": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2", "name": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.237Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34695", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-05T16:10:44.417474Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T16:10:48.656Z"}}], "cna": {"title": "WOWS Karma vulnerable to a post submission bounce/timing attack", "source": {"advisory": "GHSA-v6cc-v976-mj8g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "SakuraIsayeki", "product": "WOWS-Karma", "versions": [{"status": "affected", "version": "<= 0.17.4"}]}], "references": [{"url": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g", "name": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a", "name": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2", "name": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on \"create\" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously requests bypasses the cooldown validation, however are not refreshing a user's metrics more than once, due to concurrent karma updates. This issue is fixed in 0.17.4.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-799", "description": "CWE-799: Improper Control of Interaction Frequency"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-10T15:57:03.049Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34695", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:59:22.237Z", "dateReserved": "2024-05-07T13:53:00.131Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-10T15:57:03.049Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on \"create\" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously requests bypasses the cooldown validation, however are not refreshing a user's metrics more than once, due to concurrent karma updates. This issue is fixed in 0.17.4.1."}, {"lang": "es", "value": "WOWS Karma es un sistema de reputaci\u00f3n para World of Warships de Wargaming. Un usuario puede hacer clic varias veces en \"crear\" en un mensaje de creaci\u00f3n de publicaciones antes de que se cierre el modo, lo que desencadena el env\u00edo de varias solicitudes API de creaci\u00f3n de publicaciones a la vez. Debido al tiempo, el env\u00edo de solicitudes de publicaciones m\u00faltiples simult\u00e1neamente omite la validaci\u00f3n del tiempo de reutilizaci\u00f3n; sin embargo, no se actualizan las m\u00e9tricas de un usuario m\u00e1s de una vez, debido a las actualizaciones de karma simult\u00e1neas. Este problema se solucion\u00f3 en 0.17.4.1."}], "id": "CVE-2024-34695", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-14T15:39:26.783", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a"}, {"source": "security-advisories@github.com", "url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2"}, {"source": "security-advisories@github.com", "url": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-799"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}