It has been discovered, that editors with access to file meta data table could change, create or delete metadata of files which are not within their file mounts.
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-1.yaml
github.com/TYPO3/typo3
github.com/TYPO3/typo3/commit/0decbf83c531cab77497429eb2edecf9a1038b25
github.com/TYPO3/typo3/commit/bff9fa5945801d1d2c641ddc8eb86c6647549d80
typo3.org/security/advisory/typo3-core-sa-2015-002
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002