CloudBees API Token
Service Name: CloudBees
Service Description: CloudBees is a DevOps platform that provides continuous integration and continuous delivery (CI/CD) solutions, built on top of Jenkins. It offers enterprise-level features for software development automation, testing, and deployment.
Service Address: https://www.cloudbees.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through CloudBees security settings.
Secret Access Scope: Grants programmatic access to CloudBees CI/CD resources, pipelines, and administrative functions based on the user's permissions.
Secret Revokement URL: https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-secure-guide/securing-your-jenkins-instance
Secret Example: cbat_1234abcd5678efgh9012ijkl3456mnop
Suspicious Activity Investigation Instructions:
- Review CloudBees audit logs for unusual pipeline executions or configuration changes.
- Check for unauthorized access to projects or resources.
- Monitor for unusual build patterns or deployment activities.
- Examine API access logs for suspicious IP addresses or unusual request patterns.
- Verify if there were any permission changes or role assignments.
Mitigation Instructions:
- Immediately revoke the compromised API token through the CloudBees user interface.
- Generate a new API token if needed, with appropriate scope limitations.
- Review and update user permissions to ensure Principle of Least Privilege access.
- Enable two-factor authentication for all CloudBees accounts if not already enabled.
- Update any CI/CD pipelines or integrations that were using the compromised token.
- Consider implementing IP restrictions for API access if available in your plan.
- Review CloudBees security best practices and implement additional security controls.