It is an individual digital space, a Virtual Health Notebook, which is open to all French people from the beginning of 2022.
It allows:
It also contains:
This site is accessible to all and compatible with all terminals (smartphones, tablets, computers). The Caisse Nationale d'Assurance Maladie (CNAM) and the French Ministry of Solidarity and Health are committed to ensuring the protection, confidentiality and security of all data (administrative and health). Its security and the protection of personal data are guaranteed by the French State, the CNIL, and the CNAM.
Their accommodation is provided in France. Among the features, some have a critical aspect for the application.
Please adhere to the following rules while performing research on this program:
We are happy to thank everyone who submits valid reports which help us improve our security, however only those that meet the following eligibility requirements may receive a monetary reward:
Reward amounts are based on:
In the context of this program, we do not intend to encourage, accept or reward reports of leaks that are not applicable to our program’s scope and identified outside of our program’s scope, such as:
Also, in order not to encourage dark and grey economies, in particular the purchase, resale and trade of identifiers or stolen information, as well as all types of dangerous behaviour (e.g. social engineering, ...), we will not accept or reward any report based on information whose source is not the result of failure on the part of our organization or one of our employees/service providers.
This excludes, but is not limited to:
Source of leak is in-scope | Source of leak belongs to our organization but is out-of-scope | Source of leak does not belong to our organization and is out-of-scope | |
---|---|---|---|
Impact is in-scope (e.g. valid credentials on an in-scope asset) | Eligible | Eligible | Not Eligible |
Impact is out-of-scope (e.g. valid credentials for an out-of-scope asset) | Eligible | Not Eligible | Not Eligible |
As a complement to the Program’s rules and testing policy :
Scope Type | Scope Name |
---|---|
android_application | play.google.com/store/apps/details?id=fr.assurancemaladie.monespacesante&showAllReviews=true (Android) |
api | api.monespacesante.fr |
api | editeur.api.monespacesante.fr |
api | api.editeur.preprod.monespacesante.fr |
api | api.preprod.monespacesante.fr |
api | preprod.api.monespacesante.fr |
api | preprod.editeur.api.monespacesante.fr |
api | www.editeur.api.monespacesante.fr |
ios_application | apps.apple.com/fr/app/mon-espace-sant%C3%A9/id1589255019 (iOS) |
mobile_applications | am.monespacesante.fr |
mobile_applications | editeur.am.monespacesante.fr |
mobile_applications | am.editeur.preprod.monespacesante.fr |
mobile_applications | am.preprod.monespacesante.fr |
mobile_applications | preprod.am.monespacesante.fr |
mobile_applications | preprod.editeur.am.monespacesante.fr |
mobile_applications | www.am.monespacesante.fr |
mobile_applications | www.editeur.am.monespacesante.fr |
web_application | www.monespacesante.fr |
web_application | admincms.monespacesante.fr |
web_application | adminstore.monespacesante.fr |
web_application | auth.monespacesante.fr |
web_application | cms.monespacesante.fr |
web_application | editeurs.monespacesante.fr |
web_application | knowage.monespacesante.fr |
web_application | support.monespacesante.fr |
web_application | auth.preprod.monespacesante.fr |
web_application | preprod.auth.monespacesante.fr |
web_application | preprod.monespacesante.fr |
web_application | preprod1.monespacesante.fr |
web_application | preprod2.monespacesante.fr |
web_application | securite.monespacesante.fr |
web_application | www.preprod.monespacesante.fr |
web_application | www.preprod1.monespacesante.fr |
web_application | www.preprod2.monespacesante.fr |
Scope Type | Scope Name |
---|---|
undefined | Anything that is not explicitely listed as part of the Scope |
Firebounty have crawled on 2022-07-08 the program Mon Espace Santé (MES) on the platform Yeswehack.
FireBounty © 2015-2025