
GitLab Security Updates - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. OAuth / OIDC
  2. Leaky role permissions
  3. Emojis
  4. CSRF / SSRF
  5. Codeowners bypass
  6. Privilege escalation
  7. Authn bypass
  8. Improper token revocation
  9. Merge request bypass
  10. HTML injection
  11. CI/CD scheduling
  12. Sensitive data exposure
  13. AI
  14. GraphQL
  15. Package registry
  16. CI/CD variable exposure
  17. Arbitrary pipeline execution
  18. Pages domain hijack
  19. Banned users not actually banned
  20. Maven dependency proxy
  21. ../
  22. User impersonation
  23. SAML
  24. (Re)DoS