GitHub Pull Request Builder Plugin before 1.40.0 stored GitHub credentials in build.xml files as part of serialized Java objects. 1.40.0 stopped doing so, but does not remove previously serialized data.
See the 2018-03-26 Jenkins security advisory.
The script in this repository will attempt to save old build records again, scrubbing the credentials from disk.
We strongly recommend that old access tokens be revoked even if running this script.
- Navigate to Manage Jenkins » Script Console
- Paste the entire content of the
script.groovyin this repository into the text box. - Read the output and act on instructions as necessary.