JFrog JWT Access Token
Service Name: JFrog Artifactory
Service Description: JFrog Artifactory is a universal repository manager that supports all major packaging formats, build tools, and CI/CD servers. It provides secure, private Docker registry, npm, Maven, PyPI, and other repositories.
Service Address: https://jfrog.com/artifactory/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to JFrog Artifactory resources based on the permissions of the user or service account that generated the token.
Secret Revokement URL: https://jfrog.com/help/r/jfrog-platform-administration-documentation/revoke-access-tokens
Secret Example: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJhYmNkZWZnMTIzNDU2Nzg5MC5leUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2SWpFaWZRLmV5SnpkV0lpT2lKcVptRmpRREF4WjNFaWZRLmFiY2RlZmc
Suspicious Activity Investigation Instructions:
- Check JFrog Artifactory audit logs for unauthorized access or suspicious download patterns
- Review access logs for unusual IP addresses or access times
- Check for unexpected repository creation or modification
- Verify if there are any unauthorized user permissions changes
- Monitor for unusual artifact uploads or downloads
Mitigation Instructions:
- Log in to your JFrog Artifactory instance
- Navigate to Administration > Security > Access Tokens
- Locate the compromised token and click "Revoke"
- Generate a new token with appropriate permissions
- Update any applications or services using the old token
- Consider implementing token expiration policies
- Review and adjust user permissions as needed