etcd, when installed on Red Hat Enterprise Linux Atomic Host on non-cloud environments, is exposed to the world and it does not enable authentication by default. A remote attacker could exploit this to access passwords, secret keys and other data. Additional References: https://www.theregister.co.uk/2018/03/20/etcd_defaults_to_insecure/ https://arstechnica.com/information-technology/2018/03/thousands-of-servers-found-leaking-750-mb-worth-of-passwords-and-keys/
Mitigation: Configure a firewall to prevent etcd from being exposed to the world and enable TLS authentication for both clients and servers. When Red Hat Enterprise Linux Atomic Host is installed in a cloud environment an external firewall is usually applied.
Closing as NOTABUG since no sensitive information is stored by default in etcd when used in this configuration.