
Is it dangerous to expose a front-channel logout endpoint that does not require authentication?

Çağlar Arlı


I have several apps connected to a single Identity Provider, which allows a Single Sign-On experience for our users and also requires a Single Logout one.

For the logout, any app will start the logout request, calling the Identity Provider, which in turn will use front-channel logout to render in hidden iframes the logout URLs of all the connected applications.

However, since the session cookie is set as SameSite=Lax, it will not be sent in the call to the logout endpoint of each application. This forces this endpoint not to require authentication.

This brings me to the following questions:

  1. Are these assumptions correct? Is there something wrong in that brief explanation?
  2. Is having a logout endpoint that does not require authentication dangerous? If yes, what kind of attacks could happen?
  3. How can those attacks be prevented or mitigated?
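The following is an added example, not code from the original post or from any identity product. It models the two mechanisms the question rests on: first, which requests a browser attaches a cookie to depending on its SameSite value (showing why a hidden cross-site iframe load does not carry a Lax cookie while a top-level GET navigation does); second, a relying-party front-channel logout handler that identifies the session to end without any cookie, using the `iss` and `sid` query parameters defined by OpenID Connect Front-Channel Logout 1.0. The function names, the `sessions` store and the request shape are this example's own assumptions.

```javascript
// Added example (not from the original post). "Site" below means what the
// SameSite rule compares: scheme plus registrable domain of the initiator and
// of the request target. The request object shape is an assumption of this
// example, not a browser API.
function sendsCookie(sameSite, req) {
  if (req.initiatorSite === req.targetSite) return true; // same-site: always sent
  switch (sameSite) {
    case "None":
      return req.secure === true; // SameSite=None is only honoured with Secure
    case "Lax":
      // Cross-site: sent only on a top-level navigation with a safe method.
      // A hidden <iframe> load is a subresource request, so this is false.
      return req.topLevelNavigation === true && req.method === "GET";
    case "Strict":
      return false; // never sent cross-site
    default:
      throw new Error("unknown SameSite value: " + sameSite);
  }
}

// Server-side session store of one relying party (constructed sample data).
// Each session remembers the IdP session id (sid) it was established from.
const sessions = new Map([
  ["app-sess-1", { iss: "https://idp.example", sid: "sid-abc", user: "alice" }],
  ["app-sess-2", { iss: "https://idp.example", sid: "sid-def", user: "bob" }],
]);

// Front-channel logout handler. It reads no cookie. It ends exactly the one
// local session bound to the (iss, sid) pair the IdP placed in the iframe URL,
// so a page that loads this URL without a matching pair ends nothing.
// `trustedIssuer` is the issuer URL configured for this relying party.
function frontChannelLogout(query, store, trustedIssuer) {
  if (!query || !query.iss || !query.sid) {
    return { status: 400, ended: null }; // sid required; refuse blind logouts
  }
  if (query.iss !== trustedIssuer) {
    return { status: 400, ended: null }; // another issuer cannot end our sessions
  }
  for (const [localId, s] of store) {
    if (s.iss === query.iss && s.sid === query.sid) {
      store.delete(localId);
      return { status: 200, ended: localId };
    }
  }
  // Unknown sid: already logged out or never existed. Same response as
  // success so the endpoint does not reveal which sids are live.
  return { status: 200, ended: null };
}
```

The iframe request from the IdP is cross-site for every connected application and is not a top-level navigation, so `sendsCookie("Lax", ...)` is false for it, which is the behaviour described in the question. Binding the logout to `iss` and `sid` lets the endpoint stay cookie-free while still only ending the session the IdP actually asked to end.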