GitLab Security Updates - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.

  1. User impersonation
  2. HTML injection
  3. Codeowners bypass
  4. Merge request bypass
  5. Maven dependency proxy
  6. CSRF / SSRF
  7. CI/CD variable exposure
  8. Privilege escalation
  9. GraphQL
  10. Banned users not actually banned
  11. ../
  12. Authn bypass
  13. AI
  14. Package registry
  15. SAML
  16. Leaky role permissions
  17. OAuth / OIDC
  18. Pages domain hijack
  19. Arbitrary pipeline execution
  20. Improper token revocation
  21. Emojis
  22. CI/CD scheduling
  23. Sensitive data exposure
  24. (Re)DoS