Jenkins Token
Service Name: Jenkins
Service Description: Jenkins is an open-source automation server that enables developers to build, test, and deploy their software reliably. It provides hundreds of plugins to support building, deploying, and automating any project.
Service Address: https://jenkins.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Jenkins instance level through security settings and plugins like "Role-based Authorization Strategy" or through network-level controls.
Secret Access Scope: Jenkins API tokens grant programmatic access to Jenkins resources and can have varying levels of permissions depending on the user's role and configuration.
Secret Revokement URL: https://[jenkins-instance]/user/[username]/configure
Secret Example: 11112222333344445555666677778888aa
Suspicious Activity Investigation Instructions:
- Review Jenkins audit logs for unusual API calls or job executions
- Check for unauthorized job creations, modifications, or executions
- Monitor for unusual build patterns or resource usage
- Examine access logs for suspicious IP addresses or login attempts
- Review system logs for any unauthorized configuration changes
Mitigation Instructions:
- Log in to your Jenkins instance
-
Navigate to "People" or directly to your user profile
-
Click on your username
- Select "Configure" from the left sidebar
- Scroll down to the "API Token" section
- Revoke the compromised token by clicking "Revoke"
- Generate a new token if needed
- Consider implementing more restrictive permissions for new tokens
- Review and update Jenkins security settings to enforce stronger authentication
- Consider implementing IP restrictions for API access if appropriate