Jira Token

Description

General

• Documentation: https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/
• Summary: Jira is a ticket management platform. This detector focuses on detecting API personal tokens.
• IPs allowlist: This feature is available for premium plans: the documentation can be found here.
• Scopes: Credentials' scopes are those of the user they belong to.

Revoke the secret

The secret can be revoked by revoking the token.

Check for suspicious activity

Access logs can be configured using this documentation.

Details for Jira Token

• Family: credentials

• Category: collaboration_tool

• Company: Atlassian

• High recall: False

• Validity check available: True

• Analyzer available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: True

• Minimum number of matches: 3

• Occurrences found for one million commits: 0.49

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - jira
    - atlassian
    - confluence
    - bitbucket

Examples

- text: |
    @@ -0,0 +1,10 @@
    +package com.qa.jira;
    +
    +public class JiraUtil {
    +
    +	public static final String JIRA_URL = "https://ggfoundme.atlassian.net";
    +
    +	public static final String JIRA_USERNAME = "ggfoundme2007@gmail.com";
    +	public static final String JIRA_PASSWORD = "VDOheDe1sSCeGkuTARhkFDE2";
    +	public static final String JIRA_PROJECT = "VNTPRJCT12";
    +}

  host: https://ggfoundme.atlassian.net
  username: ggfoundme2007@gmail.com
  token: VDOheDe1sSCeGkuTARhkFDE2

- text: |
    +jira.myAccessToken=khEPIVYz26ZfGL9bYTEl4398
     jira.username=hi.myleak@gmail.com
     jira.sprintUri= https://leakyday.atlassian.net/rest

  token: khEPIVYz26ZfGL9bYTEl4398
  username: hi.myleak@gmail.com
  host: https://leakyday.atlassian.net
- text: |
    @@ -0,0 +1,10 @@ 
    +package com.qa.jira; 
    + 
    +public class JiraUtil { 
    + 
    +	public static final String JIRA_URL = "https://ggfoundme.atlassian.net"; 
    + 
    +	public static final String JIRA_USERNAME = "ggfoundme2007@gmail.com"; 
    +	public static final String JIRA_PASSWORD = "VDOheDe1sSCeGkuTARhkFDE2"; 
    +	public static final String JIRA_PROJECT = "VNTPRJCT12"; 
    +}

  host: https://ggfoundme.atlassian.net
  username: ggfoundme2007@gmail.com
  token: VDOheDe1sSCeGkuTARhkFDE2

- text: |
    +jira.myAccessToken=ATATT3xFfGF01k_7IfVNdJJYIJdVWSrBCa5zr4lOXmV01BouL2J2N59kpmhaX0Si3jUfpLg3q88BcmdXgXmCLagah-R4-xjDVVFBRJ3iMzdU2ixY2W5DGMwIu-_8_bsxW9Iap_gnhXt9UVtCTcZCFFRfgA8lAWENVnXwY1mSWZauN-9aknFJQZE=357C17F1
     jira.username=hi.myleak@gmail.com
     jira.sprintUri= https://leakyday.atlassian.net/rest

  token: ATATT3xFfGF01k_7IfVNdJJYIJdVWSrBCa5zr4lOXmV01BouL2J2N59kpmhaX0Si3jUfpLg3q88BcmdXgXmCLagah-R4-xjDVVFBRJ3iMzdU2ixY2W5DGMwIu-_8_bsxW9Iap_gnhXt9UVtCTcZCFFRfgA8lAWENVnXwY1mSWZauN-9aknFJQZE=357C17F1
  username: hi.myleak@gmail.com
  host: https://leakyday.atlassian.net

- text: |
    +jira.myAccessToken=ATATT3xFfGF01k_7IfVNdJJYIJdVWSrBCa5zr4lOXmV01BouL2J2N59kpmhaX0Si3jUfpLg3q88BcmdXgXmCLagah-R4-xjDVVFBRJ3iMzdU2ixY2W5DGMwIu-_8_bsxW9Iap_gnhXt9UVtCTcZCFFRfgA8lAWENVnXwY1mSWZauN-9aknFJQZE=357C17F1
     jira.username=hi.myleak@gmail.com
     jira.sprintUri= ${JIRA_URL:https://leakyday.atlassian.net/rest}

  token: ATATT3xFfGF01k_7IfVNdJJYIJdVWSrBCa5zr4lOXmV01BouL2J2N59kpmhaX0Si3jUfpLg3q88BcmdXgXmCLagah-R4-xjDVVFBRJ3iMzdU2ixY2W5DGMwIu-_8_bsxW9Iap_gnhXt9UVtCTcZCFFRfgA8lAWENVnXwY1mSWZauN-9aknFJQZE=357C17F1
  username: hi.myleak@gmail.com
  host: https://leakyday.atlassian.net

- text: |
    +jira.myAccessToken=ATATT3xFfGF01k_7IfVNdJJYIJdVWSrBCa5zr4lOXmV01BouL2J2N59kpmhaX0Si3jUfpLg3q88BcmdXgXmCLagah-R4-xjDVVFBRJ3iMzdU2ixY2W5DGMwIu-_8_bsxW9Iap_gnhXt9UVtCTcZCFFRfgA8lAWENVnXwY1mSWZauN-9aknFJQZE=357C17F1
     jira.username=hi.myleak@gmail.com
     jira.sprintUri= https://leakyday.atlassian.net:1234/rest

  token: ATATT3xFfGF01k_7IfVNdJJYIJdVWSrBCa5zr4lOXmV01BouL2J2N59kpmhaX0Si3jUfpLg3q88BcmdXgXmCLagah-R4-xjDVVFBRJ3iMzdU2ixY2W5DGMwIu-_8_bsxW9Iap_gnhXt9UVtCTcZCFFRfgA8lAWENVnXwY1mSWZauN-9aknFJQZE=357C17F1
  username: hi.myleak@gmail.com
  host: https://leakyday.atlassian.net:1234

Secret Analyzer

Analysis Method

• Provider allows scopes enumeration: False
• Total network call count: 3
• Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

• GET: /rest/api/3/mypermissions
• GET: /rest/api/3/myself
• GET: /rest/api/3/permissions

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.