Official Checkmarx Jenkins package compromised with infostealer

Summary

Checkmarx has reported that its Jenkins Application Security Testing (AST) plugin was compromised and that a malicious version was published on the Jenkins Marketplace. The rogue plugin was found to contain an infostealer capable of stealing API tokens, user credentials, and other sensitive information from Jenkins servers. The company has since removed the compromised plugin and is urging users to update to the latest secure version and to check for any signs of compromise.

IFF Assessment

FOE

The compromise of a plugin belonging to a widely used security tool introduces significant risk: an attacker who controls code running inside the CI/CD server can gain unauthorized access to the credentials, tokens, and systems that server touches.

Defender Context

This incident highlights the critical importance of supply-chain security for software development tools. Defenders should verify the integrity of plugins and other software used in their CI/CD pipelines (pinning reviewed versions and checksums rather than trusting whatever the update channel currently serves), and proactively monitor for suspicious activity or unexpected behavior from these tools.
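One concrete way to apply the "verify the integrity of plugins" advice is to keep a pinned allowlist of the plugin archives you actually reviewed (name, version, SHA-256) and audit what is installed against it, so that a re-uploaded archive carrying the same version string but different bytes is caught. The script below is an added illustration written for this summary, not code from Checkmarx, Jenkins, or the original article; the plugin names, versions, and archive bytes are constructed stand-ins, and a real baseline would be built from the `.jpi`/`.hpi` files you vetted.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Pin:
    """Reviewed version and SHA-256 of a plugin archive."""
    version: str
    sha256: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# CONSTRUCTED "known-good" archives standing in for the plugin files captured
# when each plugin was first vetted. Only the hash of each reviewed artifact
# is kept in the allowlist; anything that differs is refused.
KNOWN_GOOD: dict[str, tuple[str, bytes]] = {
    "example-ast-plugin": ("2.0.10", b"PK\x03\x04example-ast-plugin-2.0.10-reviewed"),
    "git-client-example": ("4.1.0", b"PK\x03\x04git-client-example-4.1.0-reviewed"),
}

ALLOWLIST: dict[str, Pin] = {
    name: Pin(version, sha256_hex(blob)) for name, (version, blob) in KNOWN_GOOD.items()
}


def audit(installed: dict[str, tuple[str, bytes]], allowlist: dict[str, Pin]) -> list[str]:
    """Compare installed plugins (name -> (version, archive bytes)) with the allowlist.

    Returns human-readable findings; an empty list means everything matches.
    Flags three conditions: a plugin with no pin at all, a version that drifted
    from the pin, and an archive whose hash differs even though the version
    string matches (what a silently replaced upload looks like).
    """
    findings: list[str] = []
    for name, (version, blob) in sorted(installed.items()):
        pin = allowlist.get(name)
        if pin is None:
            findings.append(f"{name}: not in allowlist (unreviewed plugin installed)")
            continue
        if version != pin.version:
            findings.append(f"{name}: version {version} differs from pinned {pin.version}")
        digest = sha256_hex(blob)
        if digest != pin.sha256:
            findings.append(
                f"{name}: sha256 {digest[:12]}... differs from pinned {pin.sha256[:12]}..."
            )
    return findings


# Scenario 1 (constructed): installed set is exactly what was reviewed.
INSTALLED_CLEAN: dict[str, tuple[str, bytes]] = dict(KNOWN_GOOD)

# Scenario 2 (constructed): same version string, different bytes for one plugin,
# plus an extra plugin nobody reviewed.
INSTALLED_TAMPERED: dict[str, tuple[str, bytes]] = dict(KNOWN_GOOD)
INSTALLED_TAMPERED["example-ast-plugin"] = (
    "2.0.10",
    b"PK\x03\x04example-ast-plugin-2.0.10-REPLACED",
)
INSTALLED_TAMPERED["unreviewed-helper"] = ("0.1", b"PK\x03\x04unreviewed-helper-0.1")


if __name__ == "__main__":
    for label, installed in (("clean", INSTALLED_CLEAN), ("tampered", INSTALLED_TAMPERED)):
        findings = audit(installed, ALLOWLIST)
        print(f"{label}: {'OK' if not findings else 'FINDINGS'}")
        for finding in findings:
            print("  -", finding)
```

In a real deployment the `installed` mapping would be built by reading the archives under the Jenkins home `plugins/` directory, and the audit would run on a schedule and after every plugin update so that a hash mismatch on an unchanged version string raises an alert rather than going unnoticed.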
