Vulnerability in Popular Software: What Does This Mean for Your SMB?
Source: The Hacker News
Recently, an insecure version of a widely used software extension, the Checkmarx Jenkins AST plugin, was distributed and subsequently discovered. This extension is used to make software development more secure, but an incorrect version can pose a risk. The vendor, Checkmarx, has confirmed the news and strongly advises all users to install the secure version.
What exactly is happening? Attackers have placed a modified, insecure version of the plugin in the official 'store' where companies obtain extensions for their development environments. As a result, unsuspecting users can accidentally install the malicious version, which can steal information or grant unauthorized access to systems.
Checkmarx emphasizes the importance of verifying which version of the plugin is currently in use. The recommended secure version is '2.0.13-829.vc72453fa_1c16', released on December 17, 2025. If your company uses this plugin, check immediately whether you have the correct version installed. Older versions may still be secure, but the latest secure version offers the best protection.
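One way to carry out the version check described above, as an added example (not code from Checkmarx or from this article): it reads `Plugin-Version` from the manifest of each plugin archive in the Jenkins `plugins` directory and compares it with the version quoted above. The plugin ID `checkmarx-ast-scanner` is an assumption to confirm on your own controller.

```python
import sys
import tempfile
import zipfile
from pathlib import Path

RECOMMENDED = "2.0.13-829.vc72453fa_1c16"  # secure version named in the article
PLUGIN_ID = "checkmarx-ast-scanner"  # assumption: plugin ID; confirm on your controller

def parse_manifest(text):
    """Parse the main section of a JAR manifest, joining continuation lines."""
    attrs, key = {}, None
    for line in text.splitlines():
        if not line:
            break  # a blank line ends the main section
        if line.startswith(" ") and key:
            attrs[key] += line[1:]  # long values wrap onto lines starting with a space
        elif ": " in line:
            key, value = line.split(": ", 1)
            attrs[key] = value
    return attrs

def installed_plugins(plugins_dir):
    """Map plugin ID -> version for each .jpi/.hpi archive in plugins_dir."""
    found = {}
    for archive in sorted(Path(plugins_dir).glob("*.[jh]pi")):
        try:
            with zipfile.ZipFile(archive) as zf:
                text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except (OSError, KeyError, zipfile.BadZipFile):
            found[archive.stem] = None  # unreadable archive: needs manual review
            continue
        attrs = parse_manifest(text)
        found[attrs.get("Short-Name", archive.stem)] = attrs.get("Plugin-Version")
    return found

def check_plugin(plugins_dir, plugin_id=PLUGIN_ID, recommended=RECOMMENDED):
    """Return (status, version); status is 'absent', 'recommended' or 'review'."""
    plugins = installed_plugins(plugins_dir)
    if plugin_id not in plugins:
        return "absent", None
    version = plugins[plugin_id]
    # Any other version is flagged for review against the vendor advisory, not declared bad.
    return ("recommended" if version == recommended else "review"), version

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample, used when no path is given
        manifest = f"Short-Name: {PLUGIN_ID}\nPlugin-Version: 0.0.0-constructed\n"
        with zipfile.ZipFile(Path(tmp, PLUGIN_ID + ".jpi"), "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", manifest)
        print(check_plugin(sys.argv[1] if len(sys.argv) > 1 else tmp))
```

Pass the path to your controller's `plugins` directory as the first argument; a `review` result means the installed version should be compared against the Checkmarx advisory.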
What does this concretely mean for SMB companies?
Many SMB companies use similar software environments to develop their own services or products. Even if you do not directly use the Checkmarx Jenkins AST plugin, this is an important signal. It shows that even software intended for security can itself be compromised. It is therefore crucial to:
- Keep software up to date: Ensure all software, including plugins and extensions, is regularly updated to the latest secure versions.
- Vet vendors: Entrust production software to vendors known for their reliability and security measures.
- Regularly audit: Take the time to check which software and plugins your company uses and whether they meet the latest security requirements. If in doubt, contact your IT partner.
This situation underscores the importance of cybersecurity vigilance. A small vulnerability can have significant consequences. By acting proactively and maintaining your systems diligently, you minimize risks.