id: http-etcd-unauthenticated-api-data-leak info: name: etcd Unauthenticated HTTP API Leak author: dhiyaneshDk severity: high reference: - https://hackerone.com/reports/1088429 tags: misconfig,hackerone,unauth,etcd requests: - method: GET path: - "{{BaseURL}}/v2/auth/roles" matchers-condition: and matchers: - type: word part: body words: - '"roles"' - '"permissions"' - '"role"' - '"kv"' condition: and - type: word part: header words: - "text/plain" - "application/json" condition: or - type: status status: - 200