
GitLab Security Updates - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag, and pull words from the bag.


  1. Maven dependency proxy
  2. CSRF / SSRF
  3. Privilege escalation
  4. Emojis
  5. Pages domain hijack
  6. CI/CD scheduling
  7. ../
  8. Improper token revocation
  9. OAuth / OIDC
  10. Arbitrary pipeline execution
  11. User impersonation
  12. Banned users not actually banned
  13. CI/CD variable exposure
  14. Authn bypass
  15. Sensitive data exposure
  16. Codeowners bypass
  17. SAML
  18. HTML injection
  19. Merge request bypass
  20. AI
  21. (Re)DoS
  22. Leaky role permissions
  23. Package registry
  24. GraphQL