Unrated severityNVD Advisory· Published Jul 25, 2023· Updated Oct 16, 2024

Cal.com not expiring old sessions after enabling 2FA

CVE-2023-37919

Description

Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other device(s) stays logged in without having to verify the account owner's identity. As of time of publication, no known patches or workarounds exist.

Affected products

Calcom/Cal.comv5
Range: <= 3.1.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/calcom/cal.com/security/advisories/GHSA-cpf2-q635-xrwxmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000