add airflow cve-2022-24288 (#3873)

* add airflow cve-2022-24288

* lint update

* template request + matcher + metadata update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>

cves/2022/CVE-2022-24288.yaml

@@ -0,0 +1,28 @@
+id: CVE-2022-24288
+
+info:
+  name: Apache Airflow CVE-2022-24288 OS Command Injection
+  author: xeldax
+  severity: critical
+  description: In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
+  reference: https://github.com/advisories/GHSA-3v7g-4pg3-7r6j
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2022-24288
+    cwe-id: CWE-78
+  metadata:
+    shodan-query: title:"Airflow - DAGs"
+  tags: cve,cve2022,airflow,rce
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/admin/airflow/code?root=&dag_id=example_passing_params_via_test_command"
+      - "{{BaseURL}}/code?dag_id=example_passing_params_via_test_command"
+
+    stop-at-first-match: true
+    matchers:
+      - type: word
+        words:
+          - 'foo was passed in via Airflow CLI Test command with value {{ params.foo }}' # Works with unauthenticated airflow instance

misconfiguration/airflow/unauthenticated-airflow.yaml

@@ -5,24 +5,22 @@ info:
   author: dhiyaneshDK
   severity: high
   tags: apache,airflow,unauth
+  metadata:
+    shodan-query: title:"Airflow - DAGs"
 
 requests:
   - method: GET
     path:
+      - "{{BaseURL}}"
       - "{{BaseURL}}/admin/"
 
+    stop-at-first-match: true
     matchers-condition: and
     matchers:
       - type: word
-        words:
-          - "Content-Type: text/html"
-        part: header
-
-      - type: word
+        part: body
         words:
           - "<title>Airflow - DAGs</title>"
-        part: body
-        condition: and
 
       - type: status
         status: