Private group listing available to public

ZD: https://gitlab.zendesk.com/agent/tickets/15197
GitLab: 8.4.2

Description:

My installation of GitLab EE appears to be leaking a listing of groups to the public.

Steps to reproduce:

  1. Create a bunch of groups
  2. Add projects with public access to each group
  3. Change the access level to private/internal on all projects
  4. Browse to /explore/groups on the GitLab server without being logged in

Expected results:

The listing should not include groups with no public projects.

Internal Note: The original ticket has an example link. Please view it through ZD.


/cc @vsizov