Bamboo API Key
Service Name: Atlassian Bamboo
Service Description: Atlassian Bamboo is a continuous integration and deployment server that automates the building, testing, and deployment of software applications. It integrates with version control systems and provides build agents to run tests and deploy code.
Service Address: https://www.atlassian.com/software/bamboo
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Bamboo instance level through Bamboo's security settings.
Secret Access Scope: Grants programmatic access to Bamboo resources, allowing users to trigger builds, access build results, manage plans, and perform other operations available through the Bamboo REST API.
Secret Revokement URL: https://confluence.atlassian.com/bamboo/personal-access-tokens-976779873.html
Secret Example: ATBBq0cxN7HvR5gXzYm9HpLT1234EXAMPLE
Suspicious Activity Investigation Instructions:
- Review Bamboo audit logs for unusual API calls or access patterns
- Check for unauthorized build plan modifications or deployments
- Monitor for unexpected build triggers or configuration changes
- Examine access logs for connections from unusual IP addresses or locations
- Review any changes to build configurations or deployment environments
Mitigation Instructions:
-
Log in to your Bamboo instance as an administrator
-
Navigate to your user profile by clicking on your avatar in the top-right corner
- Select "Personal access tokens" from the menu
- Locate the compromised token in the list
- Click the "Revoke" button next to the token
- Create a new token with appropriate permissions if needed
- Update any legitimate applications or scripts that were using the revoked token
- Review and adjust token permissions to follow the principle of least privilege