A critical remote code execution (RCE) vulnerability (CVE-2019-7238) was found in Sonatype’s Nexus Repository Manager (NXRM) 3, an open-source project that allows developers, such as DevOps professionals, to manage software components required for software development, application deployment, and automated hardware provisioning. This vulnerability in NXRM 3, which reportedly has over 150,000 active installations, was discovered by @Rico of Tencent Security Yunding Lab and @voidfyoo of Chaitin Tech.

https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-7238-insufficient-access-controls-in-sonatype-nexus-repository-manager-3-allows-remote-code-execution/