Chamilo LMS Information Disclosure Vulnerability in Personal Data Endpoint

Vulnerability

A vulnerability in Chamilo LMS version 1.11.2 allows unauthorized access to sensitive user information through the Social Network /personal_data endpoint. The page is served without cache-control headers that forbid storing it, so the browser can redisplay the personal data from its cache or history even after the user has logged out. The flaw can be exploited by an unauthorized user with access to the same device, enabling profiling, impersonation and targeted attacks and posing significant privacy risks.

Impact

Exploitation of this vulnerability could give an unauthorized user access to sensitive personal information, including full user details, even after the victim has logged out. This could facilitate profiling and impersonation of users, along with targeted attacks based on the disclosed information.

Reproduction

To reproduce this vulnerability, log into a Chamilo LMS account and navigate to the Social Network > Personal Data section. After viewing the sensitive personal information, log out and immediately use the browser's back button. Because no cache-control headers prevent it, the personal data is displayed again, exposing it to anyone on the same device.
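A small check for the underlying condition, added here as an example and not taken from the advisory or the Chamilo project: it audits a captured set of response headers from the personal-data page for the caching directives that stop a browser from redisplaying it after logout. The sample header sets and the directive policy (no-store as the required directive, the others as defence in depth) are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# `no-store` is what actually forbids storing the page; the rest are defence in
# depth for older caches and intermediaries (an assumed policy, not Chamilo's).
RECOMMENDED = {"no-cache", "must-revalidate", "private"}

def parse_cache_control(value):
    """Parse 'no-store, max-age=0' into {'no-store': None, 'max-age': '0'}."""
    directives = {}
    for token in value.split(","):
        name, _, arg = token.strip().lower().partition("=")
        if name:
            directives[name] = arg.strip().strip('"') or None
    return directives

def expires_in_past(value):
    """True if Expires is '0', '-1' or an HTTP date that has already passed."""
    if value.strip() in ("0", "-1"):
        return True
    try:
        return parsedate_to_datetime(value.strip()) <= datetime.now(timezone.utc)
    except (TypeError, ValueError):
        return False

def audit_cache_headers(headers):
    """Return findings for a sensitive page; an empty list means it is non-cacheable."""
    lower = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lower.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store: page can be replayed after logout")
    missing = RECOMMENDED - set(cc)
    if missing:
        findings.append("Cache-Control missing " + ", ".join(sorted(missing)))
    if cc.get("max-age") not in (None, "0"):
        findings.append("Cache-Control max-age permits reuse: " + cc["max-age"])
    if lower.get("pragma", "").strip().lower() != "no-cache":
        findings.append("Pragma: no-cache absent (HTTP/1.0 caches)")
    if not expires_in_past(lower.get("expires", "")):
        findings.append("Expires is not a past date")
    return findings

# Constructed samples: a page served with no cache directives vs. the hardened set.
WEAK_HEADERS = {"Content-Type": "text/html; charset=utf-8"}
HARDENED_HEADERS = {"Cache-Control": "no-store, no-cache, must-revalidate, private, max-age=0",
                    "Pragma": "no-cache", "Expires": "0"}
```

Browsers' back/forward caches do not honour these headers uniformly, so confirm a fix with the reproduction steps above after deploying it.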

Added: Jan 16, 2026, 8:30 PM
Updated: Jan 16, 2026, 10:25 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 4.1
remediation: 0.0
relevance: 2.1
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.