admin/osuser2atluser.jsp lacks an XSRF token to perform user transfer operations

2012-04-19T01:17:42
ID ATLASSIAN:CONFSERVER-25264
Type atlassian
Reporter dblack
Modified 2017-02-17T05:23:55

Description

e.g. http://localhost:8090/admin/osuser2atluser.jsp?migrate=start&transferGroupMembership=true and http://localhost:8090/admin/osuser2atluser.jsp?migrate=start

When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs.