A flaw was found where the metrics API endpoints of Puppet Server and PuppetDB leaked sensitive information to the local network. Listening to these network endpoints could allow attackers the ability to exploit additional computer systems. The highest impact of this flaw is confidentiality.
Disable the trapperkeeper-metrics /v1 metrics API