Do not overwrite fields that are populated

ee/app/controllers/ee/projects/issues_controller.rb

@@ -66,10 +66,12 @@ module EE
       end
 
       def vulnerability_issue_build_parameters
+        issue = params[:issue]
+
         {
-          title: _("Investigate vulnerability: %{title}") % { title: vulnerability.title },
-          description: render_vulnerability_description,
-          confidential: true
+          title: issue.fetch(:title, _("Investigate vulnerability: %{title}") % { title: vulnerability.title }),
+          description: issue.fetch(:description, render_vulnerability_description),
+          confidential: issue.fetch(:confidential, true)
         }
       end
 

ee/changelogs/unreleased/299462-create-issue-from-vulnerability-details-edited-text-is-discarde.yml

+---
+title: Fixed bug that overwrote issue description changes from vulnerabilities
+merge_request: 52376
+author:
+type: fixed

ee/spec/controllers/projects/issues_controller_spec.rb

@@ -104,6 +104,15 @@ RSpec.describe Projects::IssuesController do
             expect(project.issues.last.vulnerability_links.first.vulnerability).to eq(vulnerability)
           end
 
+          it 'overwrites the default fields' do
+            send_request
+
+            issue = project.issues.last
+            expect(issue.title).to eq('Title')
+            expect(issue.description).to eq('Description')
+            expect(issue.confidential).to be false
+          end
+
           context 'when vulnerability already has a linked issue' do
             render_views
 
@@ -123,7 +132,7 @@ RSpec.describe Projects::IssuesController do
             post :create, params: {
               namespace_id: project.namespace.to_param,
               project_id: project,
-              issue: { title: 'Title', description: 'Description' },
+              issue: { title: 'Title', description: 'Description', confidential: 'false' },
               vulnerability_id: vulnerability.id
             }
           end