
GitLab Security Updates - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place a mark (an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it to keep track. You can also cut out each item, place them in a bag, and pull words from the bag.


  1. Authn bypass
  2. Leaky role permissions
  3. Sensitive data exposure
  4. Codeowners bypass
  5. AI
  6. Merge request bypass
  7. (Re)DoS
  8. Pages domain hijack
  9. Improper token revocation
  10. Arbitrary pipeline execution
  11. CI/CD variable exposure
  12. Privilege escalation
  13. User impersonation
  14. CI/CD scheduling
  15. Emojis
  16. SAML
  17. GraphQL
  18. Banned users not actually banned
  19. ../
  20. Package registry
  21. Maven dependency proxy
  22. CSRF / SSRF
  23. OAuth / OIDC
  24. HTML injection