Cal.com not expiring old sessions after enabling 2FA
CVE-2023-37919

6.5MEDIUM

Key Information:

Vendor: Calcom
Status: Cal.com
Vendor: CVE Published:; 25 July 2023

What is CVE-2023-37919?

Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other device(s) stays logged in without having to verify the account owner's identity. As of time of publication, no known patches or workarounds exist.

Affected Version(s)

cal.com <= 3.1.4

References

https://github.com/calcom/cal.com/security/advisories/GHS...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2023
Vulnerability Reserved
Jul 10, 2023

CVE-2023-37919 Data

JSON

Calcom

What is CVE-2023-37919?

Affected Version(s)

References

CVSS V3.1

Timeline