Use of Cache Containing Sensitive Information in collectiveaccess/pawtucket2
Oct 4th 2021
See also this related report: https://www.huntr.dev/bounties/9708c444-2cf2-4aed-8188-1dc7def05ba1/. The same fix, proper Cache-Control headers on authenticated pages, should be applied here.
Proof of Concept
Example of sensitive information exposure:
1) Log in to the application dashboard.
2) Go to the lightbox page.
3) Click logout.
4) Click the browser's back button: the lightbox page is shown again, including the group codes.
Any user can view another user's lightbox if the browser tab is left open on a shared computer.
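The following is an added example for this report, not code from pawtucket2. It audits the response headers of a page that is only meant for a logged-in user and flags the combinations that let a browser keep and re-display the page after logout. The sample header sets are constructed; the `fetch_and_audit` helper and its URL/cookie arguments are hypothetical and only show how to point the audit at a live instance.

```python
"""Audit response headers of an authenticated page for browser cacheability.

Added example for this report; not code from pawtucket2. The sample headers
below are constructed to illustrate a weak and a hardened response.
"""
from typing import Dict, List, Tuple
import urllib.request


def parse_cache_control(value: str) -> Dict[str, str]:
    """Split a Cache-Control header into {directive: argument}; argument is '' when absent."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def audit_headers(headers: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Return (safe, findings) for a response carrying per-user content.

    The check is deliberately strict: only Cache-Control: no-store tells the
    browser not to keep a copy of the page; private, no-cache, Pragma and
    Expires do not stop the page from being shown again via the Back button.
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings: List[str] = []
    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store; the page can be stored and shown again after logout")
    if "public" in cc:
        findings.append("Cache-Control: public allows shared caches to store a per-user page")
    if cc.get("max-age", "0") not in ("", "0"):
        findings.append(f"max-age={cc['max-age']} allows reuse without revalidation")
    if "no-store" not in cc and "no-cache" in h.get("pragma", "").lower():
        findings.append("Pragma: no-cache does not replace Cache-Control: no-store")
    return (not findings, findings)


def fetch_and_audit(url: str, session_cookie: str, timeout: float = 10.0) -> Tuple[bool, List[str]]:
    """Hypothetical live check: request a page with a session cookie and audit its headers."""
    req = urllib.request.Request(url, headers={"Cookie": session_cookie})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return audit_headers(dict(resp.headers.items()))


# Constructed sample: a response that relies on 'private' and a positive max-age.
WEAK_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=UTF-8",
    "Cache-Control": "private, max-age=600",
}

# Constructed sample: the hardened response for any page shown only to a logged-in user.
FIXED_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=UTF-8",
    "Cache-Control": "no-store, max-age=0",
}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_RESPONSE_HEADERS), ("fixed", FIXED_RESPONSE_HEADERS)):
        safe, findings = audit_headers(hdrs)
        print(name, "OK" if safe else "FAIL")
        for finding in findings:
            print("  -", finding)
```

Two caveats when verifying the fix against the proof of concept above: the Back button can restore a page from the browser's in-memory back/forward cache rather than the HTTP cache, and `Cache-Control: no-store` is the directive browsers use to exclude a page from that cache, so it is the one to check for; and the logout must also invalidate the session server-side, so that a restored page cannot load fresh data through the old session cookie.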