GitLab Security Updates - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place a mark (such as an X, a checkmark, a dot, or a tally mark) on each cell as you announce it, to keep track. You can also cut out each item, place the items in a bag, and pull them from the bag.


  1. Arbitrary pipeline execution
  2. GraphQL
  3. (Re)DoS
  4. Leaky role permissions
  5. SAML
  6. OAuth / OIDC
  7. Maven dependency proxy
  8. HTML injection
  9. Codeowners bypass
  10. Sensitive data exposure
  11. Merge request bypass
  12. Package registry
  13. CSRF / SSRF
  14. Privilege escalation
  15. Banned users not actually banned
  16. Improper token revocation
  17. AI
  18. Emojis
  19. CI/CD scheduling
  20. ../
  21. CI/CD variable exposure
  22. User impersonation
  23. Pages domain hijack
  24. Authn bypass