Add latest changes from gitlab-org/gitlab@15-7-stable-eev15.7.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-20 14:22:11 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-20 14:22:11 +0000
commit: 0c872e02b2c822e3397515ec324051ff540f0cd5 (patch)
tree: ce2fb6ce7030e4dad0f4118d21ab6453e5938cdd /doc/api/vulnerabilities.md
parent: f7e05a6853b12f02911494c4b3fe53d9540d74fc (diff)
download: gitlab-ce-0c872e02b2c822e3397515ec324051ff540f0cd5.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/doc/api/vulnerabilities.md b/doc/api/vulnerabilities.md
index b82e2b6cbdd..6ee2bbf9811 100644
--- a/doc/api/vulnerabilities.md
+++ b/doc/api/vulnerabilities.md
@@ -23,9 +23,9 @@ instead. See the [GraphQL examples](#replace-vulnerability-rest-api-with-graphql
 
 Every API call to vulnerabilities must be [authenticated](index.md#authentication).
 
-Vulnerability permissions inherit permissions from their project. If a project is
-private, and a user isn't a member of the project to which the vulnerability
-belongs, requests to that project returns a `404 Not Found` status code.
+If an authenticated user does not have permission to
+[view vulnerabilities](../user/permissions.md#project-members-permissions),
+this request returns a `403 Forbidden` status code.
 
 ## Single vulnerability
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-12-20 14:22:11 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-12-20 14:22:11 +0000
commit	0c872e02b2c822e3397515ec324051ff540f0cd5 (patch)
tree	ce2fb6ce7030e4dad0f4118d21ab6453e5938cdd /doc/api/vulnerabilities.md
parent	f7e05a6853b12f02911494c4b3fe53d9540d74fc (diff)
download	gitlab-ce-0c872e02b2c822e3397515ec324051ff540f0cd5.tar.gz