
GitLab Security Updates - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place a mark (an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place the items in a bag, and pull words from the bag.


  1. SAML
  2. User impersonation
  3. HTML injection
  4. Arbitrary pipeline execution
  5. CSRF / SSRF
  6. Merge request bypass
  7. Pages domain hijack
  8. Improper token revocation
  9. ../
  10. Privilege escalation
  11. Emojis
  12. Leaky role permissions
  13. AI
  14. GraphQL
  15. Codeowners bypass
  16. Sensitive data exposure
  17. Maven dependency proxy
  18. OAuth / OIDC
  19. Banned users not actually banned
  20. CI/CD scheduling
  21. (Re)DoS
  22. Authn bypass
  23. CI/CD variable exposure
  24. Package registry