Use issue links to determine vulnerability issue feedback

ee/app/models/vulnerabilities/finding.rb

@@ -211,7 +211,7 @@ module Vulnerabilities
     end
 
     def issue_feedback
-      feedback(feedback_type: 'issue')
+      Vulnerabilities::Feedback.find_by(issue: vulnerability&.related_issues) if vulnerability
     end
 
     def merge_request_feedback

ee/spec/models/vulnerabilities/finding_spec.rb

@@ -375,6 +375,9 @@ RSpec.describe Vulnerabilities::Finding do
         )
       end
 
+      let(:vulnerability) { create(:vulnerability, findings: [finding]) }
+      let!(:issue_link) { create(:vulnerabilities_issue_link, vulnerability: vulnerability, issue: issue)}
+
       it 'returns associated feedback' do
         feedback = finding.issue_feedback
 
@@ -383,6 +386,27 @@ RSpec.describe Vulnerabilities::Finding do
         expect(feedback[:feedback_type]).to eq 'issue'
         expect(feedback[:issue_id]).to eq issue.id
       end
+
+      context 'when there is no feedback for the vulnerability' do
+        let(:vulnerability_no_feedback) { create(:vulnerability, findings: [finding_no_feedback]) }
+        let!(:finding_no_feedback) { create(:vulnerabilities_finding, :dependency_scanning, project: project) }
+
+        it 'does not return unassociated feedback' do
+          feedback = finding_no_feedback.issue_feedback
+
+          expect(feedback).not_to be_present
+        end
+      end
+
+      context 'when there is no vulnerability associated with the finding' do
+        let!(:finding_no_vulnerability) { create(:vulnerabilities_finding, :dependency_scanning, project: project) }
+
+        it 'does not return feedback' do
+          feedback = finding_no_vulnerability.issue_feedback
+
+          expect(feedback).not_to be_present
+        end
+      end
     end
 
     describe '#dismissal_feedback' do