Confidential flag checks issue_create_params

app/controllers/projects/issues_controller.rb

@@ -104,8 +104,9 @@ class Projects::IssuesController < Projects::ApplicationController
     )
     build_params = issue_create_params.merge(
       merge_request_to_resolve_discussions_of: params[:merge_request_to_resolve_discussions_of],
-      discussion_to_resolve: params[:discussion_to_resolve]
-    ).merge(confidential: confidential_issue?)
+      discussion_to_resolve: params[:discussion_to_resolve],
+      confidential: !!Gitlab::Utils.to_boolean(issue_create_params[:confidential])
+    )
     service = ::Issues::BuildService.new(project, current_user, build_params)
 
     @issue = @noteable = service.execute
@@ -392,10 +393,6 @@ class Projects::IssuesController < Projects::ApplicationController
     action_name == 'service_desk'
   end
 
-  def confidential_issue?
-    !!Gitlab::Utils.to_boolean(params[:issue][:confidential])
-  end
-
   def run_null_hypothesis_experiment
     experiment(:null_hypothesis, project: project) do |e|
       e.use { } # define the control

ee/app/controllers/ee/projects/issues_controller.rb

@@ -68,7 +68,8 @@ module EE
       def vulnerability_issue_build_parameters
         {
           title: _("Investigate vulnerability: %{title}") % { title: vulnerability.title },
-          description: render_vulnerability_description
+          description: render_vulnerability_description,
+          confidential: true
         }
       end
 
@@ -89,11 +90,6 @@ module EE
       def populate_vulnerability_id
         self.vulnerability_id = params[:vulnerability_id] if can?(current_user, :read_vulnerability, project)
       end
-
-      override :confidential_issue?
-      def confidential_issue?
-        vulnerability_id.present? || super
-      end
     end
   end
 end