Cyber Resilience

CVE-2024-34695

Medium

Published: 14 May 2024

Published
14 May 2024
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
EPSS Score 0.0039 60.6th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-34695 is a medium-severity Improper Control of Interaction Frequency (CWE-799) vulnerability. Its CVSS base score is 6.3 (Medium).

Operationally, ranked in the top 39.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once.…

more

Due to timing, sending multiple posts simultaneously requests bypasses the cooldown validation, however are not refreshing a user's metrics more than once, due to concurrent karma updates. This issue is fixed in 0.17.4.1.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-799

The control requires defining frequency, timing, and approval for security interactions, directly addressing uncontrolled interaction rates.

addresses: CWE-799

Allocation policies inherently restrict interaction frequency, reducing the impact of excessive requests.

addresses: CWE-799

Spam protection explicitly controls interaction frequency by detecting and acting on bulk unsolicited messages from external sources.

References