PgAdmin Installation Directory permission issue

[khushboovashi]

After installing PgAdmin, several directories, including 'bin', 'venv', and 'web', have 775 permissions.

[pravesh-sharma]

Issue fixed. Tested candidate build.

Env:
OS - Rocky 8

[abergmann]

CVE-2024-6238 was assigned to this issue.

[abergmann]

According to the NVD description this issue affects all pgAdmin <= 8.8. Is this really the case?

Furthermore, is there a git commit fixing this issue that can be mentioned here?

[cfi-gb]

https://github.com/pgadmin-org/pgadmin4/blob/REL-8_9/docs/en_US/release_notes_8_9.rst seems to link to this as:

#7605 - Fix the permissions issue in the pgAdmin installation directory on Debian and RHEL-8 platforms (CVE-2024-6238).

Doing a diff between version 8.8 and 8.9 via REL-8_8...REL-8_9 indicates a few fixes between both releases related to permissions on Debian and RHEL:

• ba5b66f
• 2d2aa45
• fa71b06
• 2b45a1f
• a60cbf0
• f7eeefa
• 3d107ea
• 4a64534
• 95ce9e9