Skip to content

Jenkins Script Console Token

Service Name: Jenkins

Service Description: Jenkins is an open-source automation server that enables developers to build, test, and deploy their software reliably. It supports the complete development lifecycle of software from integration, testing, delivery to deployment.

Service Address: https://jenkins.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Jenkins instance level through security settings and firewall configurations.

Secret Access Scope: Grants access to the Jenkins Script Console, which allows execution of arbitrary Groovy scripts with full system privileges on the Jenkins instance.

Secret Revokement URL: https://www.jenkins.io/doc/book/managing/security/

Secret Example: 11aa3b5a8d23d67c1a32743c0a1c220fe9e8dae574

Suspicious Activity Investigation Instructions:

  • Review Jenkins system logs for unauthorized script console access
  • Check for unexpected or unauthorized script executions in the system logs
  • Examine Jenkins audit logs for suspicious user activities
  • Look for unauthorized job creations or modifications
  • Monitor for unexpected system configuration changes
  • Review network access logs to identify unusual connection patterns

Mitigation Instructions:

  • Immediately revoke the compromised API token through the Jenkins user

configuration page

  • Generate a new token with appropriate permissions if still needed
  • Enable or review Jenkins security settings to restrict Script Console access
  • Implement or update IP filtering to limit access to trusted networks only
  • Enable audit logging for all script console activities
  • Consider implementing multi-factor authentication for Jenkins admin accounts
  • Review and update Jenkins security plugins to latest versions
  • Audit all Jenkins jobs and configurations for unauthorized changes
  • Implement the principle of least privilege for all Jenkins users and tokens