CVE-2024-6387 in SCIM Bridge

Question

According to our vulnerability scanning tool (Wiz), the 1Password SCIM Bridge is vulnerable to the OpenSSH issue detailed in the CVE above.

This vulnerability appears to be present even after upgrading to the latest version of the SCIM bridge, 2.9.5. Are there plans to update the image to address this CVE, and does anyone know when this might be released?

(Did search for the CVE number, but didn't get any results)

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

hemal_g_1p · Answer

Hi jay33sx

Thanks for reaching out.

The 1Password SCIM bridge is built on a distroless image that only contains the necessary tooling to run the SCIM bridge, which does not include OpenSSH. The SCIM bridge image itself is not affected by this vulnerability.

With that, the cloud provider which you might be using to host your SCIM bridge may include the OpenSSH binary in the cloud hosting provider nodes(or host) which is housing your SCIM bridge.

For example the instances on GCP which are running a Linux based OS, here is the guideline to resolve the issue.

Forum Discussion

CVE-2024-6387 in SCIM Bridge

1 Reply

Recent Discussions

Mac client v8.10.80 released June 10 2025 is painfully slow

Win11 -> WSL2 -> devcontainer ssh-add not accessible anymore

SSH agent isn't working (Windows 11)

Service Account Permissions Issue: Vault Access Restricted to Read-Only

Remove url from item via CLI?