[MEDIUM] TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users

PKSA-z12b-qvn6-4p12 CVE-2022-36106 GHSA-5959-4x58-r8c2

Affected package: typo3/cms

Affected version: >=10.0.0,<10.4.32|>=11.0.0,<11.5.16

Reported by:
GitHub, FriendsOfPHP/security-advisories