GitLab Security Updates - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. AI
  2. Banned users not actually banned
  3. Arbitrary pipeline execution
  4. CI/CD scheduling
  5. SAML
  6. (Re)DoS
  7. Privilege escalation
  8. Authn bypass
  9. Pages domain hijack
  10. OAuth / OIDC
  11. Codeowners bypass
  12. Package registry
  13. Improper token revocation
  14. Merge request bypass
  15. HTML injection
  16. Emojis
  17. User impersonation
  18. CI/CD variable exposure
  19. ../
  20. Sensitive data exposure
  21. GraphQL
  22. CSRF / SSRF
  23. Maven dependency proxy
  24. Leaky role permissions