It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request