B
75/100 First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
1
Score
75/100
CRITICAL 1
Findings (1)
CRITICAL
Cloud credential endpoint
L483 Detects cloud provider token and credential endpoints
oauth2.googleapis.com/token FIX
Block access to cloud instance metadata services using IMDSv2 token requirements, network rules, or iptables. This is a critical vector for credential theft in cloud environments.
FP?
Likely FP if the match is in security documentation explaining how to protect against SSRF/IMDS attacks rather than code that accesses the metadata service.