
GitLab Security Updates - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. Merge request bypass
  2. CI/CD variable exposure
  3. Privilege escalation
  4. HTML injection
  5. Improper token revocation
  6. Package registry
  7. Arbitrary pipeline execution
  8. OAuth / OIDC
  9. Codeowners bypass
  10. Maven dependency proxy
  11. SAML
  12. Pages domain hijack
  13. Sensitive data exposure
  14. (Re)DoS
  15. Leaky role permissions
  16. Banned users not actually banned
  17. AI
  18. Authn bypass
  19. CSRF / SSRF
  20. Emojis
  21. User impersonation
  22. CI/CD scheduling
  23. GraphQL
  24. ../