typo3/cms and typo3/cms-core are vulnerable to authentication bypass. Restricting frontend login to specific users are organized in different storage folders (partitions), and can be bypassed, which allows an authenticated attacker to gain access to a different account when credentials are known.
github.com/advisories/GHSA-jfp7-79g7-89rf
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
github.com/TYPO3/typo3/commit/640a6f62858be87db69031f9112c9f378ea00aaa
github.com/TYPO3/typo3/commit/96ed3e627f9dd031caf537a382cdcde06d0aafcb
github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
typo3.org/security/advisory/typo3-core-sa-2022-013