webhook-url: http://169.254.169.254/metadata/identity/oauth2/token

Attackers can extract valid OAuth2 tokens.

Here is an analysis and explanation of the content, decoding the structure and explaining the security implications.

for securely validating webhook URLs to prevent these SSRF attacks?

How Orca Found SSRF Vulnerabilities in 4 Azure Services

The metadata service responds with an OAuth2 token, along with other details such as token expiration.

The presence of this URL inside a parameter named webhook-url suggests that an attacker is attempting to trick the server into making an HTTP request to itself (or the cloud metadata endpoint).
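
A defensive check for the pattern described above, as an added example that is not from the original page: it decodes a webhook-url value (the -3a-2f slug form seen in this page's title, plus nested percent-encoding and alternate IPv4 notations) and classifies where the request would go. The function names, verdict labels and sample values are assumptions constructed for illustration.

```python
import ipaddress
import re
import socket
from urllib.parse import unquote, urlsplit

def _decodings(raw):
    """Yield the value as sent, its '-3a-2f' slug reading, and nested percent-decodings."""
    for value in (raw, re.sub(r"-([0-9a-fA-F]{2})", r"%\1", raw)):
        for _ in range(3):          # values may be double-encoded; decode a few rounds
            yield value
            value = unquote(value)

def _host_ip(host):
    """Return the IP address a host literal denotes, or None if it is a DNS name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        try:                        # decimal/hex/octal IPv4 notations, e.g. 2852039166
            ip = ipaddress.ip_address(socket.inet_aton(host))
        except (OSError, ValueError):
            return None
    # Unwrap ::ffff:a.b.c.d so the embedded IPv4 address is the one judged.
    return getattr(ip, "ipv4_mapped", None) or ip

def classify_webhook_url(raw):
    """Return 'internal', 'needs-resolution', 'public' or 'invalid' (hypothetical labels)."""
    seen = set()
    for value in _decodings(raw):
        try:
            parts = urlsplit(value)
            host = parts.hostname
        except ValueError:
            continue
        if parts.scheme not in ("http", "https") or not host:
            continue
        ip = _host_ip(host)
        seen.add("needs-resolution" if ip is None
                 else "public" if ip.is_global else "internal")
    # The most dangerous reading of the value wins.
    for verdict in ("internal", "needs-resolution", "public"):
        if verdict in seen:
            return verdict
    return "invalid"

if __name__ == "__main__":
    # Constructed sample values, not taken from real logs.
    for sample in ("http-3a-2f-2f169.254.169.254-2fmetadata-2fidentity-2foauth2-2ftoken",
                   "https://hooks.example.com/notify"):
        print(classify_webhook_url(sample), sample)
```

A "needs-resolution" verdict is not an approval: the name has to be resolved and the resulting address checked with the same rule at connection time, with redirects disabled or re-checked.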