The REST endpoint to retrieve cache configurations doesn't check for ADMIN permissions:

GET /rest/v2/caches/{cacheName}?action=config
GET /rest/v2/caches

The cache configuration may contain information about filesystem paths and allowed security roles which should not be viewable by non-administrators.

The first method should return a 403 in case the user doesn't have appropriate permissions.
The second method should omit the full cache configuration from the response (it returns other, non-security sensitive information).

The methods require authentication, but once authenticated, any user can invoke them successfully.