The host is installed with Gitlab-ee 10.5.x through 12.3.8, 12.4.x through 12.4.5 or 12.5.x through 12.5.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a issue in the Group Search API provided by the Elasticsearch integration. Successful exploitation allows attackers to diclose private code, when transferring a public project to a private group.