Skip to content

Jenkins Token

Service Name: Jenkins

Service Description: Jenkins is an open-source automation server that enables developers to build, test, and deploy their software reliably. It provides hundreds of plugins to support building, deploying, and automating any project.

Service Address: https://jenkins.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Jenkins instance level through security settings and plugins like "Role-based Authorization Strategy" or through network-level controls.

Secret Access Scope: Jenkins API tokens grant programmatic access to Jenkins resources and can have varying levels of permissions depending on the user's role and configuration.

Secret Revokement URL: https://[jenkins-instance]/user/[username]/configure

Secret Example: 11112222333344445555666677778888aa

Suspicious Activity Investigation Instructions:

  • Review Jenkins audit logs for unusual API calls or job executions
  • Check for unauthorized job creations, modifications, or executions
  • Monitor for unusual build patterns or resource usage
  • Examine access logs for suspicious IP addresses or login attempts
  • Review system logs for any unauthorized configuration changes

Mitigation Instructions:

  • Log in to your Jenkins instance
  • Navigate to "People" or directly to your user profile

  • Click on your username

  • Select "Configure" from the left sidebar
  • Scroll down to the "API Token" section
  • Revoke the compromised token by clicking "Revoke"
  • Generate a new token if needed
  • Consider implementing more restrictive permissions for new tokens
  • Review and update Jenkins security settings to enforce stronger authentication
  • Consider implementing IP restrictions for API access if appropriate