Dear SPARTA partners,

We now consider that issues #1 and #2 mentioned below have also been fixed.

Do not hesitate to contact security@sparta.eu for matters related to these issues or, more generally, to report any security-related issue.

Best regards,

Dear SPARTA partners,

Thank you to Matthias for having pointed out these three security issues:

• #1 – reported on 2019 02 18, disclosed on 2019 03 12 – HTTP page with form for MLs
• #2 – reported on 2019 02 18, disclosed on 2019 03 12 – Certificate for https://server.sparta.eu
• #3 – reported on 2019 03 12, disclosed on 2019 03 12 – Public access to MLs archives

#3, the most critical one, has been fixed almost immediately. #1 and #2 have been addressed and tests are being made to ensure they can also be considered as fixed.

The Project Security Officer of SPARTA (Florent Kirchner, CEA) scheduled a Security Advisory Board meeting to discuss about this incident and improve the procedures and technical measures. Meetings with TNK (in charge of the IT infrastructure) and UBON (having reported the issues) are also being scheduled to get more information about the circumstances. A more complete description of the incident will be sent once the whole situation is better understood.

The Security Advisory Board, composed of the Project Security Officer, the Program leaders, the Ethics Committee chair, and the Dissemination Committee chair can be contacted at bodies.security-advisory-board@internal.sparta.eu (and security@sparta.eu for external parties).

Do not hesitate to contact the Security Advisory Board or the coordination at bodies.coordination@internal.sparta.eu for matters and questions related to this incident. Please be sure we are fully committed on its complete resolution.

Best regards,

-- 

  Thibaud Antignac

  CEA List