id: http-etcd-unauthenticated-api-data-leak info: name: etcd Unauthenticated HTTP API Leak author: dhiyaneshDk severity: high reference: - https://hackerone.com/reports/1088429 tags: unauth requests: - method: GET path: - "{{BaseURL}}/v2/auth/roles" matchers-condition: and matchers: - type: word words: - '"roles"' - '"permissions"' - '"role"' - '"kv"' condition: and part: body - type: status status: - 200 - type: word part: header words: - "text/plain"