The Confused Deputy Problem

The confused deputy problem is, as explained by AWS:

… a security issue where an entity that doesn’t have permission to perform an action can coerce a more-privileged entity to perform the action.

[AWS, The confused deputy problem](

In other words, it is a form of privilege escalation encountered in various forms when implementing security mechanisms.

Cross-site request forgery or clickjacking are examples of the confused deputy problem. For the former, the browser acts as the confused deputy, to perform sensitive actions against a web application. For the later, the user is the confused deputy, and is tricked into performing sensitive actions on another website.