The Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. (CVE-2020-5916)
Impact
Requests to the Configuration utility can result in arbitrary file reads outside of the web root directory.