GitLab: Subdomain takeover in Gitlab pages

The vulnerability allowed an attacker to take over a dangling custom domain pointing to GitLab Pages using "instanceX.gitlab.io". The problem arose when adding a custom domain to GitLab Pages without verifying the domain, as it would still serve content for 7 days before being disabled...