Security Risk Category
windows-stemcell Security Risks
Published vulnerability pages connected to windows-stemcell. One risk can appear in multiple categories while keeping one canonical page.
windows-stemcell risks
Showing 2 of 2 published risks.
BOSH Windows Stemcell Builder SYSTEM Privilege Escalation Vulnerability
Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full host control. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.
Updated Jul 10, 2026
BOSH Windows Stemcell Builder Weak Random Password Vulnerability
Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.
Updated Jul 10, 2026
