Jenkins credentials stored with global scope

Threat

Compromised credentials

Severity

High

Description

By default, Jenkins credentials are stored under the global scope. Global-scope credentials are accessible to every job on the Jenkins instance, which increases the risk of credential theft: a malicious job executed on the instance can read them.

Remediations

Avoid setting credentials with the global scope. Instead, limit the scope of credentials so that they are accessible only to the jobs that require them.

To limit the scope of Jenkins credentials using folder scopes:

  1. Install the Folders plugin (https://plugins.jenkins.io/cloudbees-folder/).
  2. Create a folder for each group of pipelines that require access to a set of credentials, and move the pipelines into the folder.
  3. Create the credentials inside the folder, so that they are stored in the folder's scope.
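
To check where an existing instance stands before and after the steps above, an administrator can run the following audit from the Jenkins Script Console. This is an added example, not Cider's code; it assumes the Credentials and Folders plugins are installed and lists the root-level credentials that every job can see next to the ones already scoped to folders.

```groovy
import com.cloudbees.hudson.plugins.folder.Folder
import com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider
import com.cloudbees.plugins.credentials.CredentialsScope
import com.cloudbees.plugins.credentials.SystemCredentialsProvider
import jenkins.model.Jenkins

def jenkins = Jenkins.get()

// 1. Credentials kept in the root ("system") store with GLOBAL scope:
//    these are the ones any job on the controller can bind and exfiltrate.
def rootGlobal = SystemCredentialsProvider.getInstance().getCredentials()
        .findAll { it.scope == CredentialsScope.GLOBAL }

rootGlobal.each { c ->
    println "ROOT    GLOBAL  id=${c.id}  type=${c.class.simpleName}"
}

// Root credentials with SYSTEM scope are only usable by Jenkins itself
// (e.g. agent connections), not by jobs, so they are reported separately.
def rootSystem = SystemCredentialsProvider.getInstance().getCredentials()
        .findAll { it.scope == CredentialsScope.SYSTEM }
rootSystem.each { c ->
    println "ROOT    SYSTEM  id=${c.id}  type=${c.class.simpleName}"
}

// 2. Credentials stored in folders. Note that the Credentials plugin still
//    reports their scope as GLOBAL, but "global" here means the folder
//    subtree: only jobs inside that folder can use them.
jenkins.getAllItems(Folder).each { folder ->
    def prop = folder.getProperties()
            .get(FolderCredentialsProvider.FolderCredentialsProperty)
    prop?.getCredentials()?.each { c ->
        println "FOLDER  ${folder.fullName}  id=${c.id}  type=${c.class.simpleName}"
    }
}

println "Root-level GLOBAL credentials reachable by every job: ${rootGlobal.size()}"
```

Each root-level GLOBAL entry in the output is a candidate for moving into the folder of the pipelines that actually need it, after which the count printed on the last line should drop to zero.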

To limit the scope of Jenkins credentials using user scopes:
Follow the instructions in the link below.
https://docs.cloudbees.com/docs/admin-resources/latest/pipelines/user-scoped-creds#_adding_user_scoped_credentials_to_your_user_account
