Add CVE-2024-27198 Auth Bypass Detector

[frkngksl]

Hi @tooryx , @maoning ,

This is the PR that resolves #404

Testbed is: google/security-testbeds#174

[giacomo-doyensec]

Hello @frkngksl, thanks for this PR.
Can you make the delete_added_user action a cleanup action of create_admin_user?

[frkngksl]

Hello @frkngksl, thanks for this PR. Can you make the delete_added_user action a cleanup action of create_admin_user?

Is this a new future right ? I didnt know that 😁

[frkngksl]

I guess it's done @giacomo-doyensec

[giacomo-doyensec]

Thanks for the swift update! Is there a specific reason you put the cleanup action on create_admin_token instead of create_admin_user?

[frkngksl]

Hi again @giacomo-doyensec , I thought that that token action is the last operation for the newly created user, that's why I selected it, but considering your comment, the best practice should be adding to the action which creates the user. I updated it correctly. Sorry for the misunderstanding.

[giacomo-doyensec]

No problem at all @frkngksl, the plugin and relative testbed looks good, let me close this!

[giacomo-doyensec]

LGTM - Approved
@tooryx , this can be merged along with google/security-testbeds#174.

Reviewer: Giacomo, Doyensec
Plugin: CVE-2024-27198
Drawbacks: None.