diff --git a/airflow-core/src/airflow/api_fastapi/core_api/routes/ui/config.py b/airflow-core/src/airflow/api_fastapi/core_api/routes/ui/config.py
index 2b797e648730a..413a69c3ba0f4 100644
--- a/airflow-core/src/airflow/api_fastapi/core_api/routes/ui/config.py
+++ b/airflow-core/src/airflow/api_fastapi/core_api/routes/ui/config.py
@@ -23,7 +23,7 @@
 from airflow.api_fastapi.common.router import AirflowRouter
 from airflow.api_fastapi.core_api.datamodels.ui.config import ConfigResponse
 from airflow.api_fastapi.core_api.openapi.exceptions import create_openapi_http_exception_doc
-from airflow.api_fastapi.core_api.security import requires_access_configuration
+from airflow.api_fastapi.core_api.security import requires_authenticated
 from airflow.configuration import conf
 from airflow.settings import DASHBOARD_UIALERTS
 from airflow.utils.log.log_reader import TaskLogReader
@@ -49,7 +49,7 @@
 @config_router.get(
     "/config",
     responses=create_openapi_http_exception_doc([status.HTTP_404_NOT_FOUND]),
-    dependencies=[Depends(requires_access_configuration("GET"))],
+    dependencies=[Depends(requires_authenticated())],
 )
 def get_configs() -> ConfigResponse:
     """Get configs for UI."""
diff --git a/airflow-core/src/airflow/api_fastapi/core_api/security.py b/airflow-core/src/airflow/api_fastapi/core_api/security.py
index adc6cf2e01433..4c56793df6024 100644
--- a/airflow-core/src/airflow/api_fastapi/core_api/security.py
+++ b/airflow-core/src/airflow/api_fastapi/core_api/security.py
@@ -322,6 +322,18 @@ def inner(
     return inner
 
 
+def requires_authenticated() -> Callable:
+    """Just ensure the user is authenticated - no need to check any specific permissions."""
+
+    def inner(
+        request: Request,
+        user: GetUserDep,
+    ) -> None:
+        pass
+
+    return inner
+
+
 def _requires_access(
     *,
     is_authorized_callback: Callable[[], bool],
diff --git a/airflow-core/tests/unit/api_fastapi/core_api/routes/ui/test_config.py b/airflow-core/tests/unit/api_fastapi/core_api/routes/ui/test_config.py
index 1228c505a2792..4235d3178a467 100644
--- a/airflow-core/tests/unit/api_fastapi/core_api/routes/ui/test_config.py
+++ b/airflow-core/tests/unit/api_fastapi/core_api/routes/ui/test_config.py
@@ -87,6 +87,8 @@ def test_get_config_should_response_401(self, unauthenticated_test_client):
         response = unauthenticated_test_client.get("/config")
         assert response.status_code == 401
 
-    def test_get_config_should_response_403(self, unauthorized_test_client):
+    def test_get_config_just_authenticated(self, mock_config_data, unauthorized_test_client):
+        """Just being authenticated is enough to access the endpoint."""
         response = unauthorized_test_client.get("/config")
-        assert response.status_code == 403
+        assert response.status_code == 200
+        assert response.json() == mock_config_response