Maximum-severity GitLab flaw allowing account hijacking under active exploitation ( arstechnica.com )