Checkmarx Jenkins AST Plugin Hit by Supply Chain Attack
A malicious version of the Checkmarx Jenkins AST Plugin was published to the Jenkins Marketplace last week, according to SecurityWeek. This incident represents a direct supply chain compromise, where attackers injected malicious code into a legitimate software component used by development teams. The compromised plugin could allow attackers to gain unauthorized access within CI/CD pipelines, a critical vector for broader system compromise.
Organizations leveraging Jenkins for their CI/CD processes and integrating Checkmarx AST for security scanning are directly exposed. The malicious plugin, once installed, could execute arbitrary code, exfiltrate sensitive data, or introduce backdoors into build artifacts. This type of attack is particularly insidious because it targets the trusted software development lifecycle, bypassing traditional perimeter defenses by compromising a legitimate tool.
Defenders must immediately audit their Jenkins environments. Any instance of the Checkmarx Jenkins AST Plugin needs to be verified for integrity. Revert to a known good version, if available, or remove the plugin until a clean, verified update is provided by Checkmarx. Assume compromise if the malicious version was ever active in your environment and initiate incident response procedures for any affected CI/CD pipelines and downstream systems.
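To make the audit step concrete, here is an added example (not from the SecurityWeek report, the Jenkins project, or Checkmarx) that inventories installed plugins, flags any Checkmarx AST entry whose version is not on an explicit allowlist, and optionally compares the on-disk plugin archive hash against a vendor-published digest. It assumes the JSON shape returned by Jenkins' `/pluginManager/api/json?depth=1` endpoint, assumes the plugin's short name is `checkmarx-ast-scanner` (the display name is matched as well, so a different ID is still flagged), and uses placeholder values for the known-good version and hash, which must be replaced with the values Checkmarx publishes for the verified clean release. The sample inventory is constructed for the example.

```python
"""Audit a Jenkins plugin inventory for the Checkmarx AST plugin.

Added example; not code from the article, Jenkins, or Checkmarx.
Input shape follows Jenkins' /pluginManager/api/json?depth=1 response.
"""
import hashlib
import json
from pathlib import Path

# ASSUMPTION: the plugin's Jenkins short name. The display name is
# matched too, so an entry is still flagged if this ID is different.
ASSUMED_SHORT_NAME = "checkmarx-ast-scanner"

# PLACEHOLDER: replace with the version(s) Checkmarx confirms as clean.
KNOWN_GOOD_VERSIONS = {ASSUMED_SHORT_NAME: {"<KNOWN-GOOD-VERSION>"}}


def is_checkmarx_ast(plugin):
    """True if an inventory entry is the Checkmarx AST plugin (by ID or name)."""
    short = plugin.get("shortName", "").lower()
    long_name = plugin.get("longName", "").lower()
    return short == ASSUMED_SHORT_NAME or (
        "checkmarx" in long_name and "ast" in long_name
    )


def audit_plugins(inventory, known_good=KNOWN_GOOD_VERSIONS):
    """Return one finding per Checkmarx AST entry; anything not on the
    allowlist is reported as 'unverified' and should be treated as suspect."""
    findings = []
    for plugin in inventory.get("plugins", []):
        if not is_checkmarx_ast(plugin):
            continue
        version = str(plugin.get("version", ""))
        allowed = known_good.get(plugin.get("shortName"), set())
        findings.append({
            "shortName": plugin.get("shortName"),
            "version": version,
            "enabled": bool(plugin.get("enabled", False)),
            "active": bool(plugin.get("active", False)),
            "status": "known-good" if version in allowed else "unverified",
        })
    return findings


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large archives do not load whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_plugin_archive(jenkins_home, short_name, expected_sha256):
    """Compare the installed .jpi/.hpi against a vendor-published digest.
    Returns True/False, or None when no archive is present on disk."""
    for ext in (".jpi", ".hpi"):
        archive = Path(jenkins_home) / "plugins" / f"{short_name}{ext}"
        if archive.is_file():
            return sha256_file(archive) == expected_sha256.lower()
    return None


# Constructed sample inventory: the version below is made up for the example.
SAMPLE_INVENTORY = json.loads("""{"plugins": [
  {"shortName": "git", "longName": "Git plugin", "version": "5.2.1",
   "enabled": true, "active": true},
  {"shortName": "checkmarx-ast-scanner", "longName": "Checkmarx AST Plugin",
   "version": "9.9.9", "enabled": true, "active": true}
]}""")

if __name__ == "__main__":
    for finding in audit_plugins(SAMPLE_INVENTORY):
        print(finding)
```

Run it against a live instance by saving the output of `/pluginManager/api/json?depth=1` to a file and passing the parsed JSON to `audit_plugins`; an `unverified` result on an `active` entry is the trigger for the revert-or-remove step and the credential rotation described above.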
What This Means For You
- If your organization uses Jenkins and the Checkmarx AST Plugin, you need to verify the integrity of your installed plugin versions immediately. Prioritize checking your CI/CD pipelines for any signs of unauthorized access or code tampering. Assume compromise if the malicious version was present and revoke credentials used by affected pipelines.
Related ATT&CK Techniques
Detection Rules
3 rules · 6 SIEM formats. 3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free; export to any SIEM format via the Intel Bot.
Supply Chain Compromise - Malicious Checkmarx Jenkins AST Plugin
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| Checkmarx-Jenkins-AST-Plugin-Compromise | Supply Chain Attack | Checkmarx Jenkins AST Plugin |
| Checkmarx-Jenkins-AST-Plugin-Compromise | Supply Chain Attack | Malicious version of Checkmarx Jenkins AST Plugin published to Jenkins Marketplace |