summaryrefslogtreecommitdiff
path: root/doc/api/vulnerabilities.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/api/vulnerabilities.md')
-rw-r--r--doc/api/vulnerabilities.md6
1 files changed, 3 insertions, 3 deletions
diff --git a/doc/api/vulnerabilities.md b/doc/api/vulnerabilities.md
index b82e2b6cbdd..6ee2bbf9811 100644
--- a/doc/api/vulnerabilities.md
+++ b/doc/api/vulnerabilities.md
@@ -23,9 +23,9 @@ instead. See the [GraphQL examples](#replace-vulnerability-rest-api-with-graphql
Every API call to vulnerabilities must be [authenticated](index.md#authentication).
-Vulnerability permissions inherit permissions from their project. If a project is
-private, and a user isn't a member of the project to which the vulnerability
-belongs, requests to that project returns a `404 Not Found` status code.
+If an authenticated user does not have permission to
+[view vulnerabilities](../user/permissions.md#project-members-permissions),
+this request returns a `403 Forbidden` status code.
## Single vulnerability
View Lorry Controller Status