1 files changed, 6 insertions, 12 deletions

diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md
index 8c166c2ba2a..94f373c1c0a 100644
--- a/doc/api/vulnerability_exports.md
+++ b/doc/api/vulnerability_exports.md
@@ -19,14 +19,11 @@ Every API call to vulnerability exports must be [authenticated](index.md#authent
 
 Creates a new vulnerability export for a project.
 
-Vulnerability export permissions inherit permissions from their project. If a project is
-private and a user isn't a member of the project to which the vulnerability
-belongs, requests to that project return a `404 Not Found` status code.
-Vulnerability exports can be only accessed by the export's author.
-
 If an authenticated user doesn't have permission to
 [create a new vulnerability](../user/permissions.md#project-members-permissions),
-this request results in a `403` status code.
+this request returns a `403 Forbidden` status code.
+
+Vulnerability exports can be only accessed by the export's author.
 
 ```plaintext
 POST /security/projects/:id/vulnerability_exports
@@ -65,14 +62,11 @@ Example response:
 
 Creates a new vulnerability export for a group.
 
-Vulnerability export permissions inherit permissions from their group. If a group is
-private and a user isn't a member of the group to which the vulnerability
-belongs, requests to that group return a `404 Not Found` status code.
-Vulnerability exports can be only accessed by the export's author.
-
 If an authenticated user doesn't have permission to
 [create a new vulnerability](../user/permissions.md#group-members-permissions),
-this request results in a `403` status code.
+this request returns a `403 Forbidden` status code.
+
+Vulnerability exports can be only accessed by the export's author.
 
 ```plaintext
 POST /security/groups/:id/vulnerability_exports