Forum Discussion
jay33sx
12 months ago
New Contributor
CVE-2024-6387 in SCIM Bridge
According to our vulnerability scanning tool (Wiz), the 1Password SCIM Bridge is vulnerable to the OpenSSH issue detailed in the CVE above.
This vulnerability appears to be present even after upg...
hemal_g_1p
1Password Team
12 months ago
Hi jay33sx
Thanks for reaching out.
The 1Password SCIM bridge is built on a distroless image that only contains the necessary tooling to run the SCIM bridge, which does not include OpenSSH. The SCIM bridge image itself is not affected by this vulnerability.
With that, the cloud provider which you might be using to host your SCIM bridge may include the OpenSSH binary on the cloud hosting provider nodes (or host) which house your SCIM bridge.
For example, for instances on GCP which are running a Linux-based OS, here is the guideline to resolve the issue.