org.igniterealtime.openfire:xmppserver is vulnerable to authentication bypass. A remote unauthenticated attacker is able to access restricted pages in the Openfire Admin Console designated for administrative users due to a path traversal in the unauthenticated Openfire Setup Environment.
packetstormsecurity.com/files/173607/Openfire-Authentication-Bypass-Remote-Code-Execution.html
github.com/igniterealtime/Openfire/commit/0448cc955e9807d923ad627bbdf3faee8733ad72
github.com/igniterealtime/Openfire/commit/2ac00a1ff42f5d3547ef58e21f8cdec992bfcf97
github.com/igniterealtime/Openfire/commit/71f3def2adeaac62729cf544b645c6819c3d9868
github.com/igniterealtime/Openfire/commit/78dc8f82ef65d9d2697f90fcfe0bfaefbdfe39fb
github.com/igniterealtime/Openfire/commit/a3b5ebd5032ff7be9d3ada5bf52bea2df96ec881
github.com/igniterealtime/Openfire/commit/f375283843294bab7d493cfc156c4c501d6e8a6c
github.com/igniterealtime/Openfire/security/advisories/GHSA-gw42-f939-fhvm
igniterealtime.atlassian.net/browse/OF-2595