Unrated severityNVD Advisory· Published Jul 25, 2023· Updated Oct 16, 2024
Cal.com not expiring old sessions after enabling 2FA
CVE-2023-37919
Description
Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other device(s) stays logged in without having to verify the account owner's identity. As of time of publication, no known patches or workarounds exist.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/calcom/cal.com/security/advisories/GHSA-cpf2-q635-xrwxmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.