Over 5,300 Gitlab servers exposed to zero-click account takeover attacks

CVSS 10... does not bypass MFA though at least. Still sucks for those who went the hosted option over SaaS.