Cal.Com · Cal.Com · CVE-2023-37919
**Name of the Vulnerable Software and Affected Versions**
Cal.com (affected versions not specified)
**Description**
A vulnerability in Cal.com open-source scheduling software allows active sessions associated with an account to remain active even after enabling 2FA. When 2FA is activated on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other device(s) without having to verify the account owner's identity. No known patches or workarounds exist as of the time of publication.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.