PT-2019-5532 · Ignite Realtime · Openfire

Alexandr Shvetsov · Published 2019-10-03 · Updated 2022-05-24 · CVE-2019-18393

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Openfire versions 4.4.2 and earlier

Description

The issue is a directory traversal vulnerability in the PluginServlet.java file. It exists because path names are not properly restricted to a directory with limited access. Exploitation of the vulnerability may allow a remote attacker to impact the confidentiality of protected information.

Recommendations

For Openfire versions 4.4.2 and earlier, update to version 4.5.0-beta or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories under the Openfire home directory to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related identifiers

BDU:2020-03826
CVE-2019-18393
GHSA-59H8-H34R-Q9CV

Affected products

Openfire