When switching from a project visibility that allows restricted users to
Private without restricted, restricted users that are project administrators keep this access right.
Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions.
CVSSv3.1 score: 4.1 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L)
OWASP Top 10 Broken Access Control