PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
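As an added example (not Openfire's own code), the containment check that the description says PluginServlet lacks: resolve the client-supplied path under the plugin directory, canonicalize it, and reject anything that escapes. Class and method names, and the temporary directory layout, are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example, not Openfire's code. Shows the missing check: a file requested
// through a plugin URL must resolve to a path inside the plugin directory.
// Class and method names are assumptions.
public class PluginPathCheck {

    // Vulnerable pattern, for contrast: base + untrusted input with no containment
    // check, so "..\conf\openfire.xml" walks out of the plugin directory.
    static Path resolveUnchecked(Path pluginDir, String requested) {
        return pluginDir.resolve(requested.replace('\\', '/'));
    }

    // Hardened: canonicalize the base, normalize the candidate (collapsing ".."),
    // and require that the base is still a component-wise prefix of the result
    // (so a sibling such as "plugins2" does not pass as a string-prefix match would).
    static Path resolveChecked(Path pluginDir, String requested) throws IOException {
        Path base = pluginDir.toRealPath();
        Path candidate = base.resolve(requested.replace('\\', '/')).normalize();
        if (!candidate.startsWith(base)) {
            throw new IOException("path escapes plugin directory: " + requested);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <home>/plugins, standing in for the Openfire home directory.
        Path home = Files.createTempDirectory("openfire-home");
        Path plugins = Files.createDirectory(home.resolve("plugins"));
        String[] inputs = { "search/images/logo.gif", "search/..\\..\\conf\\openfire.xml", "/etc/passwd" };
        for (String in : inputs) {
            System.out.println("unchecked: " + resolveUnchecked(plugins, in));
            try {
                System.out.println("checked:   " + resolveChecked(plugins, in));
            } catch (IOException e) {
                System.out.println("checked:   rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Backslashes are folded into forward slashes before resolving because a Windows-style `..\` sequence is otherwise treated as a plain file name on a POSIX host and would slip past a naive check; an absolute input is rejected as well, since `resolve` returns it unchanged and it never starts with the base.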
Recent assessments:
ericalexanderorg at August 04, 2020 4:44pm UTC reported:
More detail:
<https://swarm.ptsecurity.com/openfire-admin-console/>
Stupid easy
> GET /plugins/search/…\conf\openfire.xml
Assessed Attacker Value: 5
Assessed Attacker Value: 4