Weekly in Security 202229

2022-07-18 to 2022-07-26

3 min read - 526 words


Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-07-18 to 2022-07-25.


CVE-2022-26138 - Hardcoded account in Questions For Confluence app

Atlassian released security advisory 2022-07-20. The Confluence app Questions for Confluence creates a the user disabledsystemuser with a hardcoded password. The presumably disabled user is added to the confluence-users group. As such, the account is able to login and access non-restricted pages by default. And the story get’s more exiting. The account contact address is dontdeletethisuser(at)email.com. The tld is used by the freemailer mail.com. The first one to notice this was 4chr4f2, who also registered the respective mail account. He subsequently received all the relevant mails for the hardcoded account. The affected app is developed by Atlassian themselves.

Technical Reads

Gitlab Project Import RCE Analysis (CVE-2022-2185)

The article by STAR labs provides an details analysis of the post-auth RCE bug with CVSS 9.9. This is a good guide from the initial advisory to a working PoC.

CVE-2022-34918 - A crack in the Linux firewall

During his internship at RandoriSec Arthur Mongodin investigated the kernel component netfilter. discovered a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22 and kernel Linux ubuntu 5.15.0-39-generic. The source code of the exploit is available on our GitHub.

Candiru exploiting CVE-2022-2294

Avast Threat Labs provides some context to the recently patched CVE-2022-2294 in Google Chrome. The vulnerability was a memory corruption in WebRTC and was patched on 2022-07-04. The team observed exploitation attempts in the Middle East. Based on the TTPs the campaign is associated with Candiru. The threat actor was investigated by Citizen Lab and Microsoft in July 2021. After the disclosure they lay low and updated their toolset.

Golang malware update

Avast Threat Labs provides an overview of recently observed Golang based malware. Multiplatform support and relative ease of development Golang promote the use of Golang also for malicious purposes. This is also supported by an ever increasing number of open source tools on Github that are sometimes resued by different threat actors.



Affinis is a Recurrent Neural Network SubDomain Discovery Tool. Affinis aims to find undiscovered or forgotten subdomains through the use of Natural Language Processing and the Keras LSTM RNN API.


Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place.