CVE-2024-1597
Postgres JDBC Driver Vulnerability
This issue is patched in versions 4.17.5 and 5.1.1. After patching the server, ensure that any Enterprise Runner instances are also updated to the latest version.
If patching to one of these versions is not possible immediately*, customers should check for the use of PreferQueryMode=SIMPLE in two key areas:
- If Postgres is used as the database backend for Rundeck/Runbook Automation Self-Hosted, confirm that the database connection strings are not leveraging that setting.
- Check any jobs using the SQL Run Step plugin to ensure the string above is not used.
*Upgrade Recommended
It is still highly recommended to update the server and Enterprise Runners to the patched versions if using Postgres.
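
One way to run the two checks above over configuration files and exported job definitions is the script below. It is an added example, not code from Rundeck or the advisory; the sample lines, key names and hosts are constructed, and matching the setting case-insensitively is an assumption made so that spelling variants are also reported.

```python
import html
import re
import sys
from urllib.parse import unquote

# PostgreSQL JDBC URL, up to whitespace or a closing quote/bracket.
JDBC_URL = re.compile(r"jdbc:postgresql:[^\s\"'<>]+", re.IGNORECASE)

def uses_simple_mode(url):
    """True if the URL's query string sets preferQueryMode to simple."""
    query = url.partition("?")[2]
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        # Assumption: compare case-insensitively and after percent-decoding,
        # so variants of the spelling are reported as well.
        if (unquote(key).strip().lower() == "preferquerymode"
                and unquote(value).strip().lower() == "simple"):
            return True
    return False

def scan(text, source="<input>"):
    """Return (source, line number, url) for every flagged JDBC URL."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # XML job exports escape '&' as '&amp;'; undo that first.
        for match in JDBC_URL.finditer(html.unescape(line)):
            if uses_simple_mode(match.group(0)):
                findings.append((source, lineno, match.group(0)))
    return findings

# Constructed sample: one properties-style line, two job-definition lines.
SAMPLE = """\
db.url=jdbc:postgresql://db.example.internal:5432/rundeck?ssl=true
jdbcUrl: "jdbc:postgresql://10.0.0.5/app?preferQueryMode=simple"
<entry key="jdbcUrl" value="jdbc:postgresql://10.0.0.5/app?ssl=true&amp;PreferQueryMode=SIMPLE"/>
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        hits = []
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits += scan(fh.read(), path)
    else:
        hits = scan(SAMPLE, "sample")
    for source, lineno, url in hits:
        print(f"{source}:{lineno}: {url}")
    sys.exit(1 if hits else 0)
```

Pass the database configuration file and exported job definitions as arguments; a non-zero exit status means at least one connection string sets the option.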