"Publicly accessible deploy keys" shows keys from other users and leaks name of private repository
Summary
At https://gitlab.com/claasaug/test-deploy-key/settings/repository#js-deploy-keys-settings, I can see a list of 15 publicly accessible deploy keys with their project usage.
Apart from the fact that I probably shouldn't see these keys, at least one of the projects appears to be private, namely pinocchio / skd
(i.e. pinocchio/skd is not accessible).
Steps to reproduce
- Create project.
- Go to "Settings" > "Repository" > "Deploy Keys" > "Publicly accessible deploy keys"
Example Project
(See above.)
What is the current bug behavior?
- Deploy keys from other users are displayed.
- The name of a project I don't have access to is shown.
What is the expected correct behavior?
- The deploy keys shouldn't be displayed.
- Projects that I don't have access to shouldn't be listed.
Relevant logs and/or screenshots
(Not applicable.)
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
(Not applicable.)
Results of GitLab application Check
(Not applicable.)
Possible fixes
(If you can, link to the line of code that might be responsible for the problem)