Jenkins / devops / ~5 mins

CSRF protection in Jenkins - Cheat Sheet & Quick Revision

Recall & Review
beginner
What does CSRF stand for in Jenkins security?
CSRF stands for Cross-Site Request Forgery. It is a type of attack where unauthorized commands are transmitted from a user that the web application trusts.
beginner
How does Jenkins protect against CSRF attacks by default?
Jenkins uses a CSRF protection mechanism called a 'crumb'. It generates a unique token (crumb) for each user session that must be included in POST requests to verify the request is legitimate.
intermediate
What is a Jenkins crumb in the context of CSRF protection?
A Jenkins crumb is a unique token generated per user session. It must be sent with POST requests to Jenkins to prove the request is from a trusted source and not a CSRF attack.
intermediate
How can you disable CSRF protection in Jenkins, and why is it not recommended?
You can disable CSRF protection in Jenkins by unchecking 'Prevent Cross Site Request Forgery exploits' in the Configure Global Security settings. It is not recommended because it exposes Jenkins to CSRF attacks, risking unauthorized actions.
advanced
How do Jenkins API clients handle CSRF protection when making POST requests?
Jenkins API clients must first request a crumb from the Jenkins server and include it in the header of POST requests. This crumb proves the request is legitimate and prevents CSRF attacks.
What is the purpose of the Jenkins crumb in CSRF protection?
A. To verify that POST requests come from a trusted user session
B. To encrypt Jenkins passwords
C. To speed up Jenkins builds
D. To store Jenkins job configurations
Where do you configure CSRF protection settings in Jenkins?
A. Manage Jenkins > Credentials
B. Manage Jenkins > System Information
C. Manage Jenkins > Plugin Manager
D. Manage Jenkins > Configure Global Security
What happens if you disable CSRF protection in Jenkins?
A. Jenkins automatically updates plugins
B. Jenkins becomes vulnerable to unauthorized commands from attackers
C. Jenkins disables all POST requests
D. Jenkins runs faster
How do Jenkins API clients obtain the crumb token?
A. By reading the Jenkins log files
B. By logging into the Jenkins UI
C. By sending a GET request to /crumbIssuer/api/json
D. By installing a Jenkins plugin
Which HTTP method requires the Jenkins crumb token to prevent CSRF?
A. POST
B. GET
C. HEAD
D. OPTIONS
Explain what CSRF protection is in Jenkins and how the crumb mechanism works.
Think about how Jenkins ensures requests come from trusted users.
Describe the risks of disabling CSRF protection in Jenkins and when you might need to configure it.
Consider what happens if attackers can send unauthorized commands.