Jenkins Script Console Token
Service Name: Jenkins
Service Description: Jenkins is an open-source automation server that enables developers to build, test, and deploy their software reliably. It supports the complete development lifecycle of software from integration, testing, delivery to deployment.
Service Address: https://jenkins.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Jenkins instance level through security settings and firewall configurations.
Secret Access Scope: Grants access to the Jenkins Script Console, which allows execution of arbitrary Groovy scripts with full system privileges on the Jenkins instance.
Secret Revokement URL: https://www.jenkins.io/doc/book/managing/security/
Secret Example: 11aa3b5a8d23d67c1a32743c0a1c220fe9e8dae574
Suspicious Activity Investigation Instructions:
- Review Jenkins system logs for unauthorized script console access
- Check for unexpected or unauthorized script executions in the system logs
- Examine Jenkins audit logs for suspicious user activities
- Look for unauthorized job creations or modifications
- Monitor for unexpected system configuration changes
- Review network access logs to identify unusual connection patterns
Mitigation Instructions:
- Immediately revoke the compromised API token through the Jenkins user
configuration page
- Generate a new token with appropriate permissions if still needed
- Enable or review Jenkins security settings to restrict Script Console access
- Implement or update IP filtering to limit access to trusted networks only
- Enable audit logging for all script console activities
- Consider implementing multi-factor authentication for Jenkins admin accounts
- Review and update Jenkins security plugins to latest versions
- Audit all Jenkins jobs and configurations for unauthorized changes
- Implement the principle of least privilege for all Jenkins users and tokens