In versions of Puppet Enterprise prior to 2016.4.0 there was unauthenticated access to the environment catalogs which may reveal sensitive information about your infrastructure if you are using Application Orchestration. This has been resolved in PE 2016.4.0.
Affected Software Versions:
Resolved in: