The confused deputy problem is, as explained by AWS:
… a security issue where an entity that doesn’t have permission to perform an action can coerce a more-privileged entity to perform the action.
In other words, it is a form of privilege escalation encountered in various forms when implementing security mechanisms.
Cross-site request forgery or clickjacking are examples of the confused deputy problem. For the former, the browser acts as the confused deputy, to perform sensitive actions against a web application. For the later, the user is the confused deputy, and is tricked into performing sensitive actions on another website.