The vulnerability arises from the use of a permissive CORS middleware configuration in the dbgpt_server, which sets the Access-Control-Allow-Origin header to '*'. This allows any website to make requests to the server, potentially leading to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this by hosting a malicious payload on a website, which, when visited by a user, can interact with the server's endpoints without the user's consent or knowledge. This can lead to unauthorized actions being performed on the server, such as data injection or resource usage.

An attacker hosts a malicious website containing a script that makes requests to the dbgpt_server's endpoints. When a user who has access to the dbgpt_server visits the malicious website, the script executes and sends requests to the server, performing actions such as creating knowledge spaces or retrieving model types. The server processes these requests as if they were made by the user, leading to unauthorized actions being performed.

Users running dbgpt_server version 0.6.0 with the default CORS middleware configuration are affected. This includes any instance of the server that is not properly configured to restrict access to specific origins.