Add vpatch-CVE-2024-8181 rule and test

[crowdsec-automation]

This rule detects attempts to exploit the authentication bypass vulnerability in Flowise <= 1.8.2 (CVE-2024-8181). The attack involves sending a GET request to the /api/v1/apikey endpoint with a crafted query string that includes /api/v1/ping, which allows unauthenticated access to sensitive API endpoints.

• The rule matches requests where the URI contains both /api/v1/apikey and /api/v1/ping, using the contains match type for flexibility and to avoid false negatives.
• Both matches use the lowercase and urldecode transforms to ensure case-insensitive and encoded variant detection.
• No argument or header matching is needed, as the attack is fully contained in the URI.
• The labels section includes the correct CVE, ATT&CK, and CWE references, and the label follows the required format.

Validation checklist:

• All value: fields are lowercase.
• All relevant transforms include lowercase and urldecode.
• No match values contain capital letters.
• The rule uses contains instead of regex where applicable.

[github-actions]

Hello @crowdsec-automation and thank you for your contribution!

❗ It seems that the following scenarios are not part of the 'crowdsecurity/appsec-virtual-patching' collection:

🔴 crowdsecurity/vpatch-CVE-2024-8181 🔴

[github-actions]

Hello @crowdsec-automation,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!