It is possible for anyone to know if private project exists or not in public/private groups if they can guess the project names correctly.
Description: Using markdown feature, we can form a comment which will allow us to know if the private project is exists within a group or not.
PrivateProjectbut this user doesnt have any access to
Just form a url like
[Click](https://gitlab.com/PublicGroup/PrivateProject/issues/1) and comment.
Now hover over the Click link text. Notice the status bar (bottom left) of your browser. This will show you the link of your currect project with /click appended to the url.
Now just make a wrong guess
Now hover over again on Click link text and you will notice that the wrong link shows in the browser status bar as it is.
So we can say, if we can guess the project name correctly, it shows current project link.
If we guess it wrong, the link appears as it is.
So the conclusion is, if link appears as it is on browser status bar, project DOES NOT exists in the group. If link appears of current project, then project Exists in the group!
Know whether private project name exists within a group or not