GobyVuls/Jenkins_args4j_file_read_vulnerability_(CVE-2024-23897).md

## 	Jenkins args4j file read vulnerability (CVE-2024-23897)

|   **Vulnerability**  | Jenkins args4j file read vulnerability (CVE-2024-23897)  |
| :----:   | :-----|
|  **Chinese name**  | 		Jenkins args4j 文件读取漏洞（CVE-2024-23897） |
| **CVSS core**  | 	9.8 |
| **FOFA Query**  (click to view the results directly)| [app="Jenkins"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJYLUplbmtpbnMiIHx8IGJhbm5lcj0iWC1KZW5raW5zIiB8fCBoZWFkZXI9IlgtSHVkc29uIiB8fCBiYW5uZXI9IlgtSHVkc29uIiB8fCBoZWFkZXI9IlgtUmVxdWlyZWQtUGVybWlzc2lvbjogaHVkc29uLm1vZGVsLkh1ZHNvbi5SZWFkIiB8fCBiYW5uZXI9IlgtUmVxdWlyZWQtUGVybWlzc2lvbjogaHVkc29uLm1vZGVsLkh1ZHNvbi5SZWFkIiB8fCBib2R5PSJKZW5raW5zLUFnZW50LVByb3RvY29scyI%3D)|
| **Number of assets affected**  | 		729753 |
| **Description**  | 	CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by American CloudBees Company. It is mainly used to monitor continuous software version release/test projects and some regularly executed tasks.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state. |
| **Impact** | Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state. |

![](https://s3.bmp.ovh/imgs/2024/01/26/bb74a2a4f3c0cdbc.gif).