1.480.3. Enable security, with whatever security realm (e.g. Unix authentication), and matrix authentication with one user given all permissions and anonymous none. Enable the default crumb issuer. Configure the authenticated user's SSH public keys. Now from a shell try to use the CLI:
If you disable the crumb issuer, the same command works as expected.
Jenkins.doCli in POST mode would go through CrumbFilter, and the CLI client makes no attempt to send a crumb.