B
85/100 First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
1
Score
85/100
HIGH 1
Findings (1)
HIGH
Cloud credential endpoint
L77 Detects cloud provider token and credential endpoints
oauth2.googleapis.com/token FIX
Block access to cloud instance metadata services using IMDSv2 token requirements, network rules, or iptables. This is a critical vector for credential theft in cloud environments.
FP?
Likely FP if the match is in security documentation explaining how to protect against SSRF/IMDS attacks rather than code that accesses the metadata service.