Somehow, I feel that GitLab should have been more alerting with this and gathered information on how to clean the instance that was exploited.
I got three users added 1/11 as admin and also 3 api tokens created under my admin account that I revoked.
Ive been running gitlab in a docker instance, how does it work with uploaded files, are they deleted when i shutdown and upgrade to the latest version or do I need to manually remove some uploaded images now?
Also, another thing I dont quite get with this exploit, how is it possible that someone who doesnt have a account on my gitlab instance which is closed for signups can upload image files without being logged in?