[MEDIUM] TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users

PKSA-v1kb-vbr1-8fy1 CVE-2022-36106 GHSA-5959-4x58-r8c2

Affected package: typo3/cms-core

Affected version: >=10.0.0,<10.4.32|>=11.0.0,<11.5.16

Reported by:
GitHub, FriendsOfPHP/security-advisories