📄 Description (English)
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt from within script execution sandboxes. Attackers can exploit persistent poisoned entries across all subsequent script executions on the same worker pod to redirect hostnames, intercept DNS queries, perform transparent HTTPS man-in-the-middle attacks, and intercept WM_TOKEN JWTs to gain workspace-admin access to other users' workspaces.
🤖 AI Executive Summary
Windmill versions prior to 1.703.2 contain a critical sandbox escape vulnerability allowing authenticated users to modify system configuration files (/etc/hosts, /etc/resolv.conf, /etc/ssl/certs) within script execution environments. This enables DNS poisoning, HTTPS man-in-the-middle attacks, and token interception to compromise workspace security. The vulnerability affects all subsequent script executions on compromised worker pods, creating persistent attack vectors.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 21, 2026 17:07
🇸🇦 Saudi Arabia Impact Assessment
High impact for Saudi organizations using Windmill for workflow automation, particularly in: (1) Banking sector (SAMA-regulated institutions) - risk of JWT token interception and unauthorized workspace access to financial systems; (2) Government agencies (NCA oversight) - potential compromise of administrative automation workflows; (3) Telecom operators (STC, Mobily) - DNS poisoning could redirect critical infrastructure communications; (4) Energy sector (ARAMCO, SEC) - HTTPS MITM attacks on operational technology integrations; (5) Healthcare providers - patient data exposure through compromised automation scripts. The persistent nature of the vulnerability across worker pods creates sustained compromise risk.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Telecommunications
Energy and Utilities
Healthcare
Manufacturing
Retail and E-commerce
🎯 MITRE ATT&CK Techniques
T1021.004 - Remote Services: SSH (pod escape via /etc modifications)
T1040 - Network Sniffing (DNS poisoning, HTTPS MITM)
T1557.002 - Adversary-in-the-Middle: HTTPS Interception
T1110.001 - Brute Force: Credential Guessing (JWT token interception)
T1078.001 - Valid Accounts: Default Accounts (workspace-admin access)
T1562.008 - Impair Defenses: Disable or Modify System Firewall (DNS/HTTPS redirection)
T1556 - Modify Authentication Process (certificate manipulation)
T1087.004 - Account Discovery: Cloud Account (workspace enumeration)
⚖️ Saudi Risk Score (AI)
8.7
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Audit all Windmill deployments to identify version < 1.703.2
2. Restrict network access to Windmill worker pods to trusted networks only
3. Implement pod security policies to prevent /etc bind-mount modifications
4. Review audit logs for suspicious /etc file modifications within script execution contexts
5. Rotate all WM_TOKEN JWTs and workspace admin credentials immediately
COMPENSATING CONTROLS (until patch available):
1. Deploy read-only filesystem enforcement at container runtime level using seccomp/AppArmor profiles
2. Implement network policies to restrict egress from worker pods to DNS/HTTPS services
3. Use immutable container images with verified /etc/hosts, /etc/resolv.conf, /etc/ssl/certs checksums
4. Enable audit logging for all file access within /etc directories
5. Implement certificate pinning for critical HTTPS connections
6. Deploy network-based DNS query monitoring to detect poisoning attempts
DETECTION RULES:
1. Monitor for write operations to /etc/hosts, /etc/resolv.conf, /etc/ssl/certs from within container namespaces
2. Alert on DNS query anomalies or resolution changes for critical hostnames
3. Detect TLS certificate validation failures or unexpected CA certificate additions
4. Monitor for WM_TOKEN usage from unexpected source IPs or workspaces
5. Track failed authentication attempts following token interception patterns
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تدقيق جميع نشرات Windmill لتحديد الإصدار < 1.703.2
2. تقييد الوصول إلى شبكة حاويات عمل Windmill للشبكات الموثوقة فقط
3. تنفيذ سياسات أمان الحاويات لمنع تعديلات ربط /etc
4. مراجعة سجلات التدقيق للتعديلات المريبة على ملفات /etc داخل سياقات تنفيذ البرامج النصية
5. تدوير جميع رموز WM_TOKEN وبيانات اعتماد مسؤول مساحة العمل فوراً
الضوابط التعويضية (حتى توفر التصحيح):
1. نشر فرض نظام الملفات للقراءة فقط على مستوى وقت تشغيل الحاوية باستخدام ملفات تعريف seccomp/AppArmor
2. تنفيذ سياسات الشبكة لتقييد الخروج من حاويات العمل إلى خدمات DNS/HTTPS
3. استخدام صور حاويات ثابتة مع مجاميع تحقق من /etc/hosts و /etc/resolv.conf و /etc/ssl/certs
4. تفعيل تسجيل التدقيق لجميع عمليات الوصول إلى الملفات داخل دلائل /etc
5. تنفيذ تثبيت الشهادات للاتصالات HTTPS الحرجة
6. نشر مراقبة استعلامات DNS على مستوى الشبكة للكشف عن محاولات التسميم
قواعد الكشف:
1. مراقبة عمليات الكتابة إلى /etc/hosts و /etc/resolv.conf و /etc/ssl/certs من داخل مساحات أسماء الحاويات
2. التنبيه على شذوذ استعلامات DNS أو تغييرات الدقة للأسماء المضيفة الحرجة
3. الكشف عن فشل التحقق من شهادة TLS أو إضافات شهادات CA غير المتوقعة
4. مراقبة استخدام WM_TOKEN من عناوين IP أو مساحات عمل غير متوقعة
5. تتبع محاولات المصادقة الفاشلة بعد أنماط اعتراض الرموز
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policies (unauthorized workspace access)
ECC 2024 A.5.2.1 - User Registration and Access Management (JWT token compromise)
ECC 2024 A.6.1.2 - Cryptography (HTTPS MITM attacks)
ECC 2024 A.8.1.1 - Audit Logging (detection of /etc modifications)
ECC 2024 A.12.4.1 - Event Logging (security event monitoring)
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Asset Management (Windmill deployment inventory)
SAMA CSF PR.AC-1 - Access Control (workspace authentication compromise)
SAMA CSF PR.DS-2 - Data Security (DNS poisoning, HTTPS MITM)
SAMA CSF DE.AE-1 - Anomalies and Events (suspicious /etc modifications)
SAMA CSF RS.AN-1 - Analysis (incident investigation of token interception)
🟡 ISO 27001:2022
ISO 27001:2022 A.5.3 - Segregation of Duties (workspace isolation failure)
ISO 27001:2022 A.6.2 - User Access Management (authentication bypass via token interception)
ISO 27001:2022 A.8.3 - Cryptography (HTTPS MITM attacks)
ISO 27001:2022 A.8.15 - Logging (audit trail of /etc modifications)
ISO 27001:2022 A.12.4.1 - Event Logging and Monitoring
🟣 PCI DSS v4.0.1
PCI DSS 1.1 - Firewall Configuration Standards (network segmentation of worker pods)
PCI DSS 2.1 - Default Security Parameters (sandbox configuration hardening)
PCI DSS 6.2 - Security Patches (Windmill version management)
PCI DSS 10.2 - User Access Logging (WM_TOKEN usage monitoring)
🔗 References & Sources 5
🔗
🔗
🔗
🔗
🔗
https://github.com/windmill-labs/windmill/commit/f8467f38c8a053117ce62f96684cfb15ef792f08
disclosure@vulncheck.com
https://github.com/windmill-labs/windmill/pull/9194
disclosure@vulncheck.com
https://github.com/windmill-labs/windmill/releases/tag/v1.703.2
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/windmill-incorrect-default-permissions-in-nsjail-c...
disclosure@vulncheck.com
https://github.com/windmill-labs/windmill/pull/9194
134c704f-9b21-4f2e-91b3-4a467353bcc0