We are aware of a new zero-day vulnerability in Atlassian Confluence, described in the bulletin at https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
After a brief check, I think it would not be difficult to adapt some of our existing custom scan tasks (like the Spring Framework scan) to find the vulnerable files:
confluence/WEB-INF/lib/xwork-1.0.3-atlassian-8.jar
confluence/WEB-INF/lib/webwork-2.1.5-atlassian-3.jar
confluence/setup/webwork/CachedConfigurationProvider.class
At the same time, I expect Confluence would have a much smaller installation base, and if any of us are running Atlassian Confluence there’s probably little question about which servers have it or where the installation resides.
At this time we don’t expect to provide out-of-box content to scan for vulnerable Atlassian Confluence installations, but we did want to open a thread to gauge community interest. Please comment here if you think adding content to scan, and/or apply the workarounds, would be of interest to you.