Описание
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update(). This vulnerability is fixed in 6.0.7.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.1.6 (включая) до 6.0.7 (исключая)
cpe:2.3:a:cal:cal.com:*:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00095
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-602
EPSS
Процентиль: 27%
0.00095
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-602