It was found that the API server allows profiling. The profiling feature generates data that is used to identify bottlenecks. This data can also be used by attackers, so profiling should not be turned on unless there are bottlenecks.
Recommended Mitigation
It is recommended to set the '--profiling' parameter in the configuration file to false.
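
One way to verify the setting, as an added example that is not part of the original finding. It assumes the API server is the Kubernetes kube-apiserver started from a static pod manifest; the function names `profiling_state` and `audit_profiling` and the sample manifests are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original finding.
# Assumption: the "API server" is Kubernetes kube-apiserver, whose flags are
# listed in a static pod manifest (kubeadm writes it to
# /etc/kubernetes/manifests/kube-apiserver.yaml).

# profiling_state FILE
# Prints "disabled", "enabled" or "unset" for the --profiling flag in FILE.
profiling_state() {
    # Skip commented-out lines; if the flag is repeated, the last value wins.
    flag=$(awk '!/^[[:space:]]*#/ && match($0, /--profiling(=[A-Za-z0-9]+)?/) {
                    v = substr($0, RSTART, RLENGTH) }
                END { print tolower(v) }' "$1")
    case "$flag" in
        "")                                            echo unset ;;
        --profiling=false|--profiling=f|--profiling=0) echo disabled ;;
        *)                                             echo enabled ;;  # bare flag or true
    esac
}

# audit_profiling FILE
# Returns 0 only when profiling is explicitly turned off.
audit_profiling() {
    state=$(profiling_state "$1")
    case "$state" in
        disabled) echo "PASS: $1 sets --profiling=false" ;;
        unset)    echo "FAIL: $1 has no --profiling flag (kube-apiserver default is true)"
                  return 1 ;;
        *)        echo "FAIL: $1 leaves profiling enabled"
                  return 1 ;;
    esac
}

# Constructed sample manifests, trimmed to the command list.
demo_dir=$(mktemp -d)
printf '%s\n' 'spec:' '  containers:' '  - command:' '    - kube-apiserver' \
    '    - --secure-port=6443' > "$demo_dir/weak.yaml"
printf '%s\n' 'spec:' '  containers:' '  - command:' '    - kube-apiserver' \
    '    - --secure-port=6443' '    - --profiling=false' > "$demo_dir/fixed.yaml"

audit_profiling "$demo_dir/weak.yaml"  || true
audit_profiling "$demo_dir/fixed.yaml" || true
rm -rf "$demo_dir"
```

A manifest that omits the flag fails the check because the kube-apiserver default for `--profiling` is true, so the flag has to be set to false explicitly.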