CVE-2018-1000838

Name of the Vulnerable Software and Affected Versions autopsy versions prior to 4.9.1

Description The issue concerns a XML External Entity (XXE) vulnerability in the CaseMetadata XML Parser. This can lead to disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. The attack is exploitable via specially crafted CaseMetadata.

Recommendations For versions prior to 4.9.1, update to version 4.9.1 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of CaseMetadata XML to minimize the risk of exploitation.