GitLab not enforcing any permissions

So interesting situation, I’m taking over as the sys admin for a GitLab instance in an air-gapped environment. I was surprised to discover they had installed GitLab EE 12.9.0-ee but never bought a license. When asked, their intent was to use the CE version, but they just dealt with installing the EE version instead.

Issue: Non-Admin users (all of them) have access to see private groups, subgroups, and repositories for which they are not part of.

Background: I am one of only a few users in the Administrators group. I created a new group, subgroup, and repository as private. I did not add any other person except myself as a member. I verified that I am the only member in the group, subgroup, and repo, and they’re all listed as private. I have verified that many users can see the contents of the group, subgroup, and most importantly, the contents of the private repo.

Question: Is there a issue with running an unlicensed EE version of Gitlab that foregoes permissions? Or is there something else I should be looking for? I have administed GitLab CE for years and am very familiar with it and all its configurations.

AFAIU, GitLab EE without license is functionally identical to CE.