Globally suppressed users should be treated like they don't exist, but Special:GlobalUserRights reveals the existence of them. See related T276306: CVE-2021-30156: Special:Contributions toolbar reveals existence of hidden users and T270453: CVE-2021-30153: ApiVisualEditor leaks info about hidden users.
Steps to reproduce
- Globally suppress an account, e.g. Some Account.
- Goto Special:GlobalUserRights/Some Account, where Some Account is that globally suppressed account.
Expected result
Actual result
(screenshots were taken on beta cluster)