Atlassian API token

ID

jira_token

Severity

high

Vendor

Atlassian

Family

API Token

Description

An Atlassian API token allows authentication with an Atlassian cloud product (Jira, Confluence and Jira Align).

Security

A leak of an Atlassian API token can allow an attacker to perform actions on your behalf, including impersonating you to generate false content or to access potentially sensitive information.

This detector can find tokens created after January 2023.

Examples

The following code snippet shows an example of a Jira API token.

jira_host  = example.atlassian.net
jira_email = my.user@example.com
jira_token = ATATT3xFfGF0...B1F03

Mitigation / Fix

  1. Follow your policy for handling leaked secrets, which typically requires revoking or renewing the token on the Atlassian Manage Profile > API tokens page. Click the Revoke link (or Revoke all API tokens), and then click the Create API token button.

  2. Remove the leaked API token from the source code or committed configuration file. Environment variables, local files or a secrets vault can be used to pass the secret instead of hardcoding the value, as documented in How to Prevent Hard-Coded Secrets.

  3. Check access logs to ensure that the secret was not used by unintended actors during the period of exposure.
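As an added example (not part of this detector page or of any Atlassian or GitGuardian tooling), a small Python check for the code-side part of the steps above: it scans configuration text for tokens carrying the ATATT3xFfGF0 prefix shown in the example, reports them in redacted form, and shows the environment-variable alternative to a hardcoded value. The prefix comes from the page; the minimum length and character set of the token body are assumptions used as a heuristic, and the sample config is constructed.

```python
import os
import re
from typing import Dict, List, Optional, Tuple

# Prefix taken from the example token on this page. The body length and
# character set are assumptions used as a detection heuristic, not
# Atlassian's documented format; real tokens are much longer than this.
JIRA_TOKEN_RE = re.compile(r"ATATT3xFfGF0[A-Za-z0-9_\-=]{20,}")


def redact(token: str) -> str:
    """Keep the prefix and last 5 characters so a finding can be matched
    to a token in the Atlassian UI without reproducing the secret."""
    return f"{token[:12]}...{token[-5:]}"


def find_jira_tokens(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, redacted_token) for each hardcoded token found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in JIRA_TOKEN_RE.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


def load_jira_token(env: Optional[Dict[str, str]] = None) -> str:
    """Step 2 applied: read the token from the environment (or an injected
    mapping for tests) and fail loudly if it is missing, never falling back
    to a literal in the code."""
    source = os.environ if env is None else env
    token = source.get("JIRA_API_TOKEN")
    if not token:
        raise RuntimeError("JIRA_API_TOKEN is not set")
    return token


# Constructed sample config; the token value is made up, not a real token.
SAMPLE_CONFIG = (
    "jira_host  = example.atlassian.net\n"
    "jira_email = my.user@example.com\n"
    "jira_token = " + "ATATT3xFfGF0" + "A" * 40 + "B1F03\n"
    "other_key  = not-a-token\n"
)

if __name__ == "__main__":
    for lineno, token in find_jira_tokens(SAMPLE_CONFIG):
        print(f"line {lineno}: hardcoded Atlassian API token {token}")
    print(load_jira_token({"JIRA_API_TOKEN": "value-from-vault-or-env"}))
```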

Any sensitive data in commits that contain secrets should be considered compromised.

Remember that removing a secret from the history of your own projects does not remove it from other users' cloned or forked repositories.