Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.
[
{
"product": "Octopus Server",
"vendor": "Octopus Deploy",
"versions": [
{
"status": "affected",
"version": "<"
}
]
}
]