SA-CONTRIB-2011-054 - CKEditor - Access bypass
The CKEditor module allows Drupal to replace textarea fields with the CKEditor - a visual HTML editor, sometimes called WYSIWYG editor. The module doesn't protect private files appropriately. Private files can downloaded by anyone able to guess their URL. CVE identifiers issued CVE-2011-4972...