If you have a security realm that allow user without READ to connect, the CLI will not accept a Logout command from that user.

$ java -jar /Users/<user>/Projects/jenkins/test/target/junit<random>/jenkins-cli.jar -s http://localhost:<port>/jenkins/ -noKeyAuth -auth user:user logout
ERROR: user is missing the Overall/Read permission

It seems this line is the culprit.

PS: that auth method is currently deprecated if I recall correctly.