In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10.Referenceshttps://github.com/OctopusDeploy/Issues/issues/5810
