Summary: I have found an inadequate cache control vulnerability in Gitter.
Description: You can use the backspace button to get full access to the account. There is no cache control and the browser saves sensitive information from a private chat room. This report is influenced by the disclosed report #407763. The impact and attack scenario are also the same.
You can access the private room without actually being logged in. You can also chat from the logged out account.
Sensitive information can get disclosed through a single backspace.
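
A header check for the missing cache control described above, as an added example that is not part of the original report or Gitter's code. The function names, finding codes and sample responses are constructed for illustration; it assumes the authenticated page should be served with `Cache-Control: no-store`.

```javascript
// Added example: audit the caching headers of a response that carries
// private, per-user content (e.g. a private chat room page).

// Parse a Cache-Control value into a Map of lowercase directive -> value.
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of (value || "").split(",")) {
    const [name, arg] = part.trim().split("=");
    if (name) directives.set(name.toLowerCase(), arg === undefined ? true : arg);
  }
  return directives;
}

// Return finding codes (hypothetical names) for an authenticated response.
function auditAuthenticatedResponse(headers) {
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = v;
  if (lower["cache-control"] === undefined) {
    // No header at all: the browser falls back to its own caching heuristics.
    return ["missing-cache-control"];
  }
  const cc = parseCacheControl(lower["cache-control"]);
  const findings = [];
  // Without no-store the browser may keep the page and show it again
  // on back navigation after the user has logged out.
  if (!cc.has("no-store")) findings.push("no-store-absent");
  // public allows shared caches (proxies, CDNs) to keep per-user content.
  if (cc.has("public")) findings.push("public-present");
  return findings;
}

// Headers a server can send on every authenticated page to pass the audit.
const HARDENED_HEADERS = { "Cache-Control": "no-store" };

// Constructed sample responses.
const samples = {
  "no header": {},
  "cacheable": { "Cache-Control": "public, max-age=3600" },
  "hardened": HARDENED_HEADERS,
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(label, "->", auditAuthenticatedResponse(headers));
}
```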