xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern
A path traversal vulnerability in XRootD allows users to escape the exported directory scope and enumerate the contents of the parent directory by appending /.. (specifically without trailing slash) to an exported path in xrdfs ls or HTTP PROPFIND requests. This bypass ignores the all.export restriction.