Skip to content

Jenkins Admin Token

Service Name: Jenkins

Service Description: Jenkins is an open-source automation server that enables developers to build, test, and deploy their software reliably. It supports the complete development lifecycle, from code integration to deployment, with hundreds of plugins to support building, deploying, and automating any project.

Service Address: https://www.jenkins.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Jenkins instance level through security settings and plugins like "Role-based Authorization Strategy" or through reverse proxy configurations.

Secret Access Scope: Jenkins admin tokens provide full administrative access to the Jenkins instance, allowing configuration changes, job creation/modification, credential management, and user administration.

Secret Revokement URL: https://[jenkins-instance]/user/[username]/configure (Navigate to the user configuration page to manage API tokens)

Secret Example: 11e8b9b0f0d0a2e0e8f0c0e0d0c0b0a0

Suspicious Activity Investigation Instructions:

  • Review Jenkins audit logs for unauthorized access or configuration changes
  • Check job history for unexpected builds or deployments
  • Examine system logs for unusual API calls or login attempts
  • Review credential usage history in Jenkins
  • Verify if any new users or permissions were added recently
  • Check for unauthorized plugins or script executions

Mitigation Instructions:

  • Immediately revoke the compromised token by navigating to the user's

configuration page

  • Generate a new token with appropriate permissions if needed
  • Review and update Jenkins security settings
  • Enable or review two-factor authentication for administrative accounts
  • Audit all jobs and configurations for unauthorized changes
  • Update Jenkins to the latest version to patch any security vulnerabilities
  • Consider implementing IP restrictions for administrative access
  • Review and potentially rotate other credentials stored in Jenkins