GitLab Security Updates - Call List

Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


  1. Pages domain hijack
  2. CSRF / SSRF
  3. CI/CD variable exposure
  4. CI/CD scheduling
  5. Package registry
  6. AI
  7. Codeowners bypass
  8. ../
  9. Arbitrary pipeline execution
  10. Leaky role permissions
  11. Improper token revocation
  12. Merge request bypass
  13. HTML injection
  14. OAuth / OIDC
  15. User impersonation
  16. SAML
  17. Emojis
  18. (Re)DoS
  19. Sensitive data exposure
  20. Maven dependency proxy
  21. Authn bypass
  22. Privilege escalation
  23. GraphQL
  24. Banned users not actually banned