PT-2026-57367 · Crates.Io · Windmill-Api

Publicado

2026-07-10

·

Atualizado

2026-07-10

·

CVE-2026-54136

CVSS v4.0

5.1

Média

VetorAV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Summary

A resource-scoped API token can read script contents outside its allowed path scope via GET /api/w/{workspace}/scripts/list search.
This appears to be a remaining variant of the scoped-token authorization class previously addressed for other endpoints. The route-level scope middleware validates the token domain/action, but does not enforce the resource/path segment of a scope. scripts/list search then returns script path and content for scripts in the workspace without applying per-row path filtering against the token scopes.

Affected endpoint

GET /api/w/{workspace}/scripts/list search

Affected versions

Confirmed in the current public repository code and believed to affect the latest published release at the time of review:
<= 1.714.1
Patched version: unknown.

Details

Windmill supports scoped API tokens with scopes in the format:
{domain}:{action}[:{resource}]
The parser supports resource-scoped values such as:
scripts:read:f/allowed/*
and the codebase contains helpers for resource matching, including wildcard matching.
However, the route-level scope check used for requests with scoped API tokens only validates the route domain and action. It does not compare the token's resource/path restriction against the requested route or against the rows returned by list endpoints.
For scripts/list search, the handler returns path and content for scripts in the workspace:
SELECT path, content from script WHERE workspace id = $1 AND archived = false LIMIT $2
There is no additional check scopes(...) call in the handler and no per-row filtering based on the token's resource/path scope.
As a result, a token intended to read only scripts under one path prefix may be able to read script contents from unrelated paths in the same workspace.

Source-level reproduction

  1. Create or use a workspace containing at least two scripts:
  • f/allowed/script a
  • f/private/script b
  1. Create a scoped API token intended to read only the allowed path:
scripts:read:f/allowed/*
  1. Use that token to call:
GET /api/w/{workspace}/scripts/list search
  1. Expected behavior:
The response should include only scripts matching the token's resource scope, e.g. only scripts under:
f/allowed/*
  1. Actual behavior from source review:
The route-level scope check accepts the request as scripts:read, and the handler returns script path and content for scripts in the workspace without filtering the rows by the token's resource scope.
This can expose script source code from paths outside the token's intended scope.

Impact

A user or integration holding a path-restricted scripts:read:{resource} token may be able to read script contents from unrelated scripts in the same workspace.
Depending on how scripts are used, this may disclose:
  • internal automation logic,
  • integration details,
  • business logic,
  • inline configuration,
  • accidentally hardcoded secrets or credentials.
This does not require admin privileges. It requires possession of a valid scoped API token for the workspace.

Related context

This appears related to the broader class of issues where route-level token scope enforcement validates domain/action but not the resource/path portion of the scope. Similar scoped-token issues appear to have been fixed for other endpoints, such as resources/variables listing and job preview/run paths, but I did not find an equivalent fix for scripts/list search.

Suggested fix

Apply resource/path scope enforcement to scripts/list search.
Possible approaches:
  1. Add explicit handler-level authorization similar to per-resource endpoints.
  2. Filter returned rows so that a scoped token only receives scripts whose path is included by at least one scripts:read:{resource} scope.
  3. Add regression tests for:
  • scripts:read:f/allowed/* cannot see f/private/script b,
  • broad scripts:read still sees all accessible scripts,
  • unscoped tokens preserve current behavior,
  • filter-tag-only tokens preserve current compatibility behavior.
A more defensive long-term fix would be to make route-level scope enforcement aware of resource/path restrictions where the route contains a concrete resource path, while list endpoints should apply per-row filtering.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-54136
GHSA-2PPX-66JV-WPW5

Produtos afetados

Windmill-Api