slixmpp is vulnerable to access control bypass. The vulnerability exists because the default permissions for persistent storage of private data on a PEP node is not set properly, disclosing private data that have been published to a PEP node to all the contacts of the victim.
lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
lists.fedoraproject.org/archives/list/[email protected]/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT/
lists.fedoraproject.org/archives/list/[email protected]/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR/
xmpp.org/extensions/xep-0223.html#howitworks