Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.
[
{
"product": "Windows2012R2 stemcell",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "versions prior to 1200.17"
}
]
}
]