Moodle Improper Privilege Management Vulnerability - CVE-2020-25699

In moodle insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2 3.8 to 3.8.5 3.7 to 3.7.8 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3 3.8.6 3.7.9 3.5.15 and 3.10.