03-17-2025, 07:00 PM
Low
resolved
resolved
Sensitive Information Disclosure via Back Button Post Logout on https://apps.nextcloud.com/account/
Bug reported by Try_the_hack was disclosed at March 16, 2025, 2:50 pm |
A cache control vulnerability was identified on the You are not allowed to view links. Register or Login to view. page. After logging out, sensitive information such as the user's first name, last name, and email address remained accessible by using the browser's back button. This occurred due to improper caching of authenticated pages, allowing unauthorized access to sensitive user information.