Checkmarx warned that a rogue version of its Jenkins AST plugin was published on the Jenkins Marketplace after TeamPCP compromised its GitHub repositories and used stolen credentials to push malicious code. The company advised users to verify they are running the legitimate plugin version, rotate secrets, and investigate for credential theft, persistence, or lateral movement. #Checkmarx #Jenkins #TeamPCP #Trivy #KICS
Key points
- A rogue Checkmarx Jenkins AST plugin was uploaded to the Jenkins Marketplace.
- TeamPCP claimed responsibility for the supply-chain compromise.
- Stolen credentials from the Trivy breach were used to access Checkmarx GitHub repositories.
- The malicious plugin was published outside the official release pipeline with no git tag or GitHub release.
- Checkmarx advised users to rotate secrets, investigate compromise, and use the safe plugin version.