Admin Console Cookie path set to root on Openfire 4.2.2

It has been observed on Openfire admin console Cookie are stored in root(i.e /) folder. Appcookie physical path is being disclosed. If attacker get access to system that can view cookies.

I’m not that familiar with Linux, but if an attacker gets access to the system, isn’t he able to view any file in any folder?