Skip to content

CloudBees API Token

Service Name: CloudBees

Service Description: CloudBees is a DevOps platform that provides continuous integration and continuous delivery (CI/CD) solutions, built on top of Jenkins. It offers enterprise-level features for software development automation, testing, and deployment.

Service Address: https://www.cloudbees.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through CloudBees security settings.

Secret Access Scope: Grants programmatic access to CloudBees CI/CD resources, pipelines, and administrative functions based on the user's permissions.

Secret Revokement URL: https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-secure-guide/securing-your-jenkins-instance

Secret Example: cbat_1234abcd5678efgh9012ijkl3456mnop

Suspicious Activity Investigation Instructions:

  • Review CloudBees audit logs for unusual pipeline executions or configuration changes.
  • Check for unauthorized access to projects or resources.
  • Monitor for unusual build patterns or deployment activities.
  • Examine API access logs for suspicious IP addresses or unusual request patterns.
  • Verify if there were any permission changes or role assignments.

Mitigation Instructions:

  • Immediately revoke the compromised API token through the CloudBees user interface.
  • Generate a new API token if needed, with appropriate scope limitations.
  • Review and update user permissions to ensure Principle of Least Privilege access.
  • Enable two-factor authentication for all CloudBees accounts if not already enabled.
  • Update any CI/CD pipelines or integrations that were using the compromised token.
  • Consider implementing IP restrictions for API access if available in your plan.
  • Review CloudBees security best practices and implement additional security controls.