GitLab leaks names of private groups

Summary

GitLab leaks the names of all groups that have at least 1 project to unauthenticated users via the publicly accessible /explore/groups page. Group names might be sensitive if GitLab is mainly used internally but is reachable through a public interface. This includes private groups, which have 0 public projects and at least 1 private project.

Steps to reproduce

  1. Create group
  2. Create non-public project in group
  3. Log out
  4. Visit /explore/groups

Expected behavior

Groups that do not have any public projects are private, and their names should not be exposed.

Output of checks

Does not apply.

Possible fixes

Do not expose groups that have 0 public projects.
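The following is an added example, not GitLab's own code, that models the listing rule behind the steps to reproduce and the proposed fix. It assumes a simplified group/project model with three hypothetical visibility levels (`:public`, `:internal`, `:private`); as in the report, only `:public` counts as public for an anonymous visitor, so `:internal` projects do not make a group explorable. The buggy rule lists a group as soon as it has any project; the fixed rule lists it only when it has at least one public project, and `leaked_group_names` reports the difference.

```ruby
# Added example (not GitLab's code): models the visibility rule from the
# report. A group is "explorable" to an anonymous visitor only if it has at
# least one public project; the buggy rule counts any project at all.

# Hypothetical minimal model: visibility is :public, :internal or :private.
Project = Struct.new(:name, :visibility)
Group   = Struct.new(:name, :projects)

# Buggy listing: a group appears on /explore/groups as soon as it has
# any project, leaking the names of groups with only non-public projects.
def explorable_groups_buggy(groups)
  groups.select { |g| g.projects.any? }.map(&:name)
end

# Fixed listing (the fix proposed in the report): only groups with at
# least one public project are shown to unauthenticated users.
def explorable_groups_fixed(groups)
  groups.select { |g| g.projects.any? { |p| p.visibility == :public } }.map(&:name)
end

# Group names exposed by the buggy rule that the fixed rule hides.
def leaked_group_names(groups)
  explorable_groups_buggy(groups) - explorable_groups_fixed(groups)
end

# Constructed sample data covering each case from the report.
SAMPLE_GROUPS = [
  Group.new("open-source-tools", [Project.new("cli", :public)]),     # legitimately listed
  Group.new("internal-billing",  [Project.new("ledger", :private)]), # 0 public, 1 private
  Group.new("staff-only",        [Project.new("wiki", :internal)]),  # not public to anonymous
  Group.new("empty-group",       []),                                # no projects at all
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "buggy:  #{explorable_groups_buggy(SAMPLE_GROUPS).inspect}"
  puts "fixed:  #{explorable_groups_fixed(SAMPLE_GROUPS).inspect}"
  puts "leaked: #{leaked_group_names(SAMPLE_GROUPS).inspect}"
end
```

Running the script prints the buggy and fixed listings side by side; the two names reported under `leaked` are exactly the groups that step 4 of the reproduction would reveal to a logged-out visitor and that the fix keeps hidden.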