CHECKMARX JENKINS PLUGIN COMPROMISED WITH INFOSTEALER
INDUSTRY DESK | 2 MIN READ
MON, MAY 11, 2026 | AI-SUMMARIZED FROM 1 SOURCE
Checkmarx discovered a malicious version of its Jenkins Application Security Testing (AST) plugin published on the official Jenkins Marketplace. The rogue package contained infostealer malware designed to harvest sensitive data.
Checkmarx security researchers identified the compromised plugin over the weekend and immediately notified the Jenkins community. The malicious version was hosted on the legitimate Jenkins Marketplace, making it difficult for users to distinguish from the official release.
The infostealer payload was designed to extract credentials, environment variables, and other sensitive information from compromised systems. Jenkins environments are common targets due to their access to build pipelines, source code repositories, and deployment credentials.
Immediate Actions
Checkmarx confirmed the plugin has been removed from the Jenkins Marketplace. The company released a statement urging users to:
- Audit their Jenkins instances for the malicious plugin
- Remove any suspicious versions immediately
- Rotate exposed credentials
- Review build logs and pipeline activity for unauthorized access
Jenkins maintainers were notified and security advisories were published. Users who installed the compromised package face potential exposure of their build infrastructure and connected systems.
Investigation Details
The exact attack vector used to compromise the official plugin repository remains under investigation. Security researchers are analyzing the malware to determine its full capabilities and any data that may have been exfiltrated.
This incident underscores the ongoing risk of supply chain attacks targeting development tools. Jenkins plugins are widely deployed across enterprise CI/CD pipelines, making them attractive targets for threat actors seeking access to sensitive infrastructure.
Recommendations
Users should verify plugin sources and enable Jenkins security scanning. Organizations are advised to implement strict access controls on Jenkins instances and monitor plugin installations carefully. The Jenkins community has called for enhanced vetting procedures for marketplace submissions to prevent similar incidents.
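The audit step listed under Immediate Actions and the "verify plugin sources" advice above come down to the same check: compare what a Jenkins instance has installed against versions and archive hashes the organization has actually vetted. The script below is an added example, not Checkmarx's or the Jenkins project's code. It assumes the JSON shape returned by Jenkins' `/pluginManager/api/json?depth=1` endpoint and the `META-INF/MANIFEST.MF` layout of the `.jpi` archives under `$JENKINS_HOME/plugins`; the plugin short name `checkmarx-ast-scanner`, the pinned version and the sample archives are constructed placeholders, because the article names no version or hash for the rogue release.

```python
"""Audit installed Jenkins plugins against a vetted allowlist (added example).

Assumes the /pluginManager/api/json?depth=1 JSON shape and the MANIFEST.MF
inside each .jpi archive. All sample data below is constructed.
"""
import hashlib
import io
import json
import zipfile

# Assumed short name of the plugin under review; replace with the real one.
WATCHED_PLUGIN = "checkmarx-ast-scanner"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def read_manifest(jpi_bytes: bytes) -> dict:
    """Parse META-INF/MANIFEST.MF from a .jpi (a zip archive) into a dict.

    Lines are 'Key: value'; a line starting with a space continues the
    previous value (the JAR manifest line-wrapping rule).
    """
    with zipfile.ZipFile(io.BytesIO(jpi_bytes)) as zf:
        raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
    manifest, last_key = {}, None
    for line in raw.splitlines():
        if line.startswith(" ") and last_key:
            manifest[last_key] += line[1:]
        elif ":" in line:
            key, _, value = line.partition(":")
            last_key = key.strip()
            manifest[last_key] = value.strip()
    return manifest


def audit_plugins(inventory_json: str, jpi_files: dict, pinned: dict) -> list:
    """Return (short_name, finding, detail) tuples; an empty list means clean.

    inventory_json: JSON text in the /pluginManager/api/json shape.
    jpi_files: {short_name: bytes of the installed .jpi archive}.
    pinned: {short_name: {"version": str, "sha256": str}} vetted by the org.
    """
    findings = []
    for plugin in json.loads(inventory_json)["plugins"]:
        name, version = plugin["shortName"], plugin["version"]
        pin = pinned.get(name)
        if pin is None:
            if name == WATCHED_PLUGIN:  # the plugin we care about has no vetted baseline
                findings.append((name, "unpinned", "no vetted version on file"))
            continue
        if version != pin["version"]:
            findings.append((name, "version-mismatch",
                             f"installed {version}, vetted {pin['version']}"))
        jpi = jpi_files.get(name)
        if jpi is None:
            findings.append((name, "archive-missing", "no .jpi on disk to verify"))
            continue
        digest = sha256_hex(jpi)
        if digest != pin["sha256"]:  # same version string, different bytes: the key signal
            findings.append((name, "hash-mismatch",
                             f"sha256 {digest[:12]}... differs from vetted archive"))
        manifest = read_manifest(jpi)
        if manifest.get("Plugin-Version") != version:
            findings.append((name, "manifest-mismatch",
                             f"manifest {manifest.get('Plugin-Version')} vs inventory {version}"))
    return findings


def build_jpi(short_name: str, version: str, extra: bytes = b"") -> bytes:
    """Constructed stand-in for a real .jpi; fixed timestamps keep it deterministic."""
    manifest = (f"Manifest-Version: 1.0\r\nShort-Name: {short_name}\r\n"
                f"Plugin-Version: {version}\r\nLong-Name: Constructed sample plugin\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for arcname, data in (("META-INF/MANIFEST.MF", manifest.encode()),
                              ("WEB-INF/lib/plugin.jar", b"vetted bytes" + extra)):
            zf.writestr(zipfile.ZipInfo(arcname, date_time=(2026, 1, 1, 0, 0, 0)), data)
    return buf.getvalue()


def demo() -> list:
    """Constructed scenario: the installed archive claims the vetted version
    but its bytes differ; an unrelated plugin is present too."""
    vetted = build_jpi(WATCHED_PLUGIN, "1.0.0")
    pinned = {WATCHED_PLUGIN: {"version": "1.0.0", "sha256": sha256_hex(vetted)}}
    tampered = build_jpi(WATCHED_PLUGIN, "1.0.0", extra=b" + unexpected bytes")
    inventory = json.dumps({"plugins": [
        {"shortName": WATCHED_PLUGIN, "version": "1.0.0", "active": True},
        {"shortName": "git", "version": "5.2.0", "active": True},
    ]})
    return audit_plugins(inventory, {WATCHED_PLUGIN: tampered}, pinned)


if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep=" | ")
```

The design point is the third check: a version string can be copied verbatim by whoever republishes a plugin, so an inventory listing alone proves nothing. Hashing the archive on disk against a value recorded when the release was vetted is what separates the official build from a look-alike on the same marketplace, and the manifest comparison catches an archive whose contents disagree with what Jenkins reports.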