CliGitApiImpl fetch method is not binding git fetch url correctly, URIished url is binding the args by filtering the user:password in the url with call to url.toString() as against url.toPrivateString() to allow the original url to be passed through.
It is understood for some git access command like commit can potentially cause issue; and it is valid to filter the user:password for special situation and enforce the security via credentials binding routes.
Fix is identified and isolated to CliGitApiImpl FetchCommand fetch_() execute method and url binding to args list around line 454 in current version is:
and to be revised as
Above revision will benefit for scenarios when we create seeding jobs to create another job and pass it parameters. This will also relieve the need to setup credentials in jenkins globally and the callers url is respected for the processing