This refers to LDAP plugin. Exactly the same issue was raised and fixed against github-auth plugin in the past.
It seems that the option to allow anonymous users to read the /cc.xml works only for the root one and not for those associated with other views, or the special "all" view which is exposed at /view/All/cc.xml
This bug has a serious impact because due to it, it means that you can only expose the status of the jobs present on the default view. On any serious setup, the default view does not expose ALL jobs.
Even worse, it seems that if you try to get the other cc.xml files you get a 403 but if you try to use basic auth, you will get a 500 error.