Keensafe Breach & Attack Sim

bas-005 — Exposed Jenkins → secret leak → cloud pivot

critical · risk 88 · Supply chain

The Jenkins admin account uses a weak password, and build console output leaks a (fake) AWS key pair. The stolen keys are then used to pivot into S3 and IAM.

MITRE & OWASP

  • T1078.004 Valid Accounts: Cloud Accounts
  • T1552.001 Credentials in Files
  • T1199 Trusted Relationship
  • A05:2021 Security Misconfiguration

Preconditions

  • jenkins.keensafeglobalbank.com reachable
  • ENABLE_PUBLIC_VULN_APPS=true OR allowlist hit

Attack path

  1. attacker — Login admin / Jenkins123!
  2. attacker — Browse build console output
  3. attacker — Extract AKIA / SECRET pair
  4. attacker — List S3 keensafe-public-assets-eu-west-1 (lab sim)

Run

Running emits evidence JSON; no real exploitation runs.


Remediation

Rotate the leaked credentials; remove secrets from build logs; use a credential-masking plugin so key material never reaches console output; enforce SSO + 2FA on Jenkins.
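The "remove secrets from build logs" step only holds if something actually checks console output for key material. The following is an added example of such a check, not code from the Keensafe tool or from Jenkins: it scans console text for AWS access key IDs (the AKIA prefix the scenario refers to) and secret-key assignments, reports where they appear, and produces a masked copy safe to retain. The console text is constructed, and the key pair in it is AWS's documented placeholder example, not a live credential; where this would run (a post-build step, a log-shipping filter) is an assumption left to the operator.

```python
import re

# Constructed sample of Jenkins console output for this example (not real build output).
# The key pair is AWS's published documentation placeholder, not a live credential.
SAMPLE_CONSOLE = """\
Started by user admin
[Pipeline] sh
+ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+ aws s3 ls s3://example-bucket
Finished: SUCCESS
"""

# AWS access key IDs are "AKIA" followed by 16 upper-case alphanumerics.
ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# A secret key is 40 base64-style characters; only flag it when it is assigned
# to the well-known variable name, to keep false positives down.
SECRET_KEY_RE = re.compile(
    r"(?i)(aws_secret_access_key\s*[=:]\s*['\"]?)([A-Za-z0-9/+=]{40})\b"
)


def find_leaks(console_text):
    """Return [(line_no, kind)] for every console line that carries AWS key material."""
    findings = []
    for line_no, line in enumerate(console_text.splitlines(), 1):
        if ACCESS_KEY_RE.search(line):
            findings.append((line_no, "access_key_id"))
        if SECRET_KEY_RE.search(line):
            findings.append((line_no, "secret_access_key"))
    return findings


def mask_console(console_text):
    """Return a copy of the console text with key material replaced by asterisks.

    The AKIA prefix is kept so the masked log still shows *what kind* of
    secret leaked, which is what a responder needs for rotation decisions.
    """
    masked = ACCESS_KEY_RE.sub(lambda m: m.group(0)[:4] + "*" * 16, console_text)
    masked = SECRET_KEY_RE.sub(lambda m: m.group(1) + "*" * 40, masked)
    return masked


if __name__ == "__main__":
    for line_no, kind in find_leaks(SAMPLE_CONSOLE):
        print(f"line {line_no}: {kind} exposed in console output")
    print(mask_console(SAMPLE_CONSOLE))
```

Run as a post-build step, a non-empty result from `find_leaks` is the signal to fail the build and open a rotation ticket; `mask_console` is what should be archived instead of the raw console text.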