While successful exploitation does not require any authentication, it still requires user interaction, which increases the attack's complexity.

Security researcher matanber discovered and reported the issue to GitLab via the HackerOne bug bounty platform.

It was patched on May 22, 2024, with versions 17.0.1, 16.11.3, and 16.10.6.


source: www.techworm.net